/* $OpenBSD: cts128.c,v 1.6 2022/11/26 16:08:53 tb Exp $ */ /* ==================================================================== * Copyright (c) 2008 The OpenSSL Project. All rights reserved. * * Rights for redistribution and usage in source and binary * forms are granted according to the OpenSSL license. */ #include #include "modes_local.h" #include #ifndef MODES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif /* * Trouble with Ciphertext Stealing, CTS, mode is that there is no * common official specification, but couple of cipher/application * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which * deviates from mentioned RFCs. Most notably it allows input to be * of block length and it doesn't flip the order of the last two * blocks. CTS is being discussed even in ECB context, but it's not * adopted for any known application. This implementation provides * two interfaces: one compliant with above mentioned RFCs and one * compliant with the NIST proposal, both extending CBC mode. */ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], block128_f block) { size_t residue, n; if (len <= 16) return 0; if ((residue=len%16) == 0) residue = 16; len -= residue; CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block); in += len; out += len; for (n=0; n