Support AES in OFB and CFB modes (legacy)

whyoleg · whyoleg · commit 951c4e85d32a · 2025-09-16T23:52:09.000+03:00
diff --git a/build-logic/src/main/kotlin/ckbuild/tests/GenerateProviderTestsTask.kt b/build-logic/src/main/kotlin/ckbuild/tests/GenerateProviderTestsTask.kt
@@ -99,6 +99,10 @@ abstract class GenerateProviderTestsTask : DefaultTask() {
             "AesCmacTestvectorsTest",
             "AesCtrTest",
             "AesCtrCompatibilityTest",
+            "AesCfbTest",
+            "AesCfbCompatibilityTest",
+            "AesOfbTest",
+            "AesOfbCompatibilityTest",
             "AesEcbCompatibilityTest",
             "AesGcmTest",
             "AesGcmCompatibilityTest",
diff --git a/cryptography-core/api/cryptography-core.api b/cryptography-core/api/cryptography-core.api
@@ -105,6 +105,18 @@ public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CBC$Key
 	public static synthetic fun cipher$default (Ldev/whyoleg/cryptography/algorithms/AES$CBC$Key;ZILjava/lang/Object;)Ldev/whyoleg/cryptography/algorithms/AES$IvCipher;
 }
 
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CFB : dev/whyoleg/cryptography/algorithms/AES {
+	public static final field Companion Ldev/whyoleg/cryptography/algorithms/AES$CFB$Companion;
+	public fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
+}
+
+public final class dev/whyoleg/cryptography/algorithms/AES$CFB$Companion : dev/whyoleg/cryptography/CryptographyAlgorithmId {
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CFB$Key : dev/whyoleg/cryptography/algorithms/AES$Key {
+	public abstract fun cipher ()Ldev/whyoleg/cryptography/algorithms/AES$IvCipher;
+}
+
 public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CMAC : dev/whyoleg/cryptography/algorithms/AES {
 	public static final field Companion Ldev/whyoleg/cryptography/algorithms/AES$CMAC$Companion;
 	public fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
@@ -237,6 +249,18 @@ public final class dev/whyoleg/cryptography/algorithms/AES$Key$Size {
 	public final fun getB256-XsYwlU8 ()I
 }
 
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$OFB : dev/whyoleg/cryptography/algorithms/AES {
+	public static final field Companion Ldev/whyoleg/cryptography/algorithms/AES$OFB$Companion;
+	public fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
+}
+
+public final class dev/whyoleg/cryptography/algorithms/AES$OFB$Companion : dev/whyoleg/cryptography/CryptographyAlgorithmId {
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$OFB$Key : dev/whyoleg/cryptography/algorithms/AES$Key {
+	public abstract fun cipher ()Ldev/whyoleg/cryptography/algorithms/AES$IvCipher;
+}
+
 public abstract interface class dev/whyoleg/cryptography/algorithms/Digest : dev/whyoleg/cryptography/CryptographyAlgorithm {
 	public abstract fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
 	public abstract fun hasher ()Ldev/whyoleg/cryptography/operations/Hasher;
diff --git a/cryptography-core/api/cryptography-core.klib.api b/cryptography-core/api/cryptography-core.klib.api
@@ -30,6 +30,17 @@ abstract interface <#A: dev.whyoleg.cryptography.algorithms/AES.Key> dev.whyoleg
         final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CBC> // dev.whyoleg.cryptography.algorithms/AES.CBC.Companion|null[0]
     }
 
+    abstract interface CFB : dev.whyoleg.cryptography.algorithms/AES<dev.whyoleg.cryptography.algorithms/AES.CFB.Key> { // dev.whyoleg.cryptography.algorithms/AES.CFB|null[0]
+        open val id // dev.whyoleg.cryptography.algorithms/AES.CFB.id|{}id[0]
+            open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CFB> // dev.whyoleg.cryptography.algorithms/AES.CFB.id.<get-id>|<get-id>(){}[0]
+
+        abstract interface Key : dev.whyoleg.cryptography.algorithms/AES.Key { // dev.whyoleg.cryptography.algorithms/AES.CFB.Key|null[0]
+            abstract fun cipher(): dev.whyoleg.cryptography.algorithms/AES.IvCipher // dev.whyoleg.cryptography.algorithms/AES.CFB.Key.cipher|cipher(){}[0]
+        }
+
+        final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CFB> // dev.whyoleg.cryptography.algorithms/AES.CFB.Companion|null[0]
+    }
+
     abstract interface CMAC : dev.whyoleg.cryptography.algorithms/AES<dev.whyoleg.cryptography.algorithms/AES.CMAC.Key> { // dev.whyoleg.cryptography.algorithms/AES.CMAC|null[0]
         open val id // dev.whyoleg.cryptography.algorithms/AES.CMAC.id|{}id[0]
             open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CMAC> // dev.whyoleg.cryptography.algorithms/AES.CMAC.id.<get-id>|<get-id>(){}[0]
@@ -156,6 +167,17 @@ abstract interface <#A: dev.whyoleg.cryptography.algorithms/AES.Key> dev.whyoleg
                 final fun <get-B256>(): dev.whyoleg.cryptography/BinarySize // dev.whyoleg.cryptography.algorithms/AES.Key.Size.B256.<get-B256>|<get-B256>(){}[0]
         }
     }
+
+    abstract interface OFB : dev.whyoleg.cryptography.algorithms/AES<dev.whyoleg.cryptography.algorithms/AES.OFB.Key> { // dev.whyoleg.cryptography.algorithms/AES.OFB|null[0]
+        open val id // dev.whyoleg.cryptography.algorithms/AES.OFB.id|{}id[0]
+            open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.OFB> // dev.whyoleg.cryptography.algorithms/AES.OFB.id.<get-id>|<get-id>(){}[0]
+
+        abstract interface Key : dev.whyoleg.cryptography.algorithms/AES.Key { // dev.whyoleg.cryptography.algorithms/AES.OFB.Key|null[0]
+            abstract fun cipher(): dev.whyoleg.cryptography.algorithms/AES.IvCipher // dev.whyoleg.cryptography.algorithms/AES.OFB.Key.cipher|cipher(){}[0]
+        }
+
+        final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.OFB> // dev.whyoleg.cryptography.algorithms/AES.OFB.Companion|null[0]
+    }
 }
 
 abstract interface <#A: dev.whyoleg.cryptography.algorithms/EC.PublicKey, #B: dev.whyoleg.cryptography.algorithms/EC.PrivateKey, #C: dev.whyoleg.cryptography.algorithms/EC.KeyPair<#A, #B>> dev.whyoleg.cryptography.algorithms/EC : dev.whyoleg.cryptography/CryptographyAlgorithm { // dev.whyoleg.cryptography.algorithms/EC|null[0]
diff --git a/cryptography-core/src/commonMain/kotlin/algorithms/AES.kt b/cryptography-core/src/commonMain/kotlin/algorithms/AES.kt
@@ -85,6 +85,32 @@ public interface AES<K : AES.Key> : CryptographyAlgorithm {
         }
     }
 
+    @DelicateCryptographyApi
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface CFB : AES<CFB.Key> {
+        override val id: CryptographyAlgorithmId<CFB> get() = Companion
+
+        public companion object : CryptographyAlgorithmId<CFB>("AES-CFB")
+
+        @SubclassOptInRequired(CryptographyProviderApi::class)
+        public interface Key : AES.Key {
+            public fun cipher(): IvCipher
+        }
+    }
+
+    @DelicateCryptographyApi
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface OFB : AES<OFB.Key> {
+        override val id: CryptographyAlgorithmId<OFB> get() = Companion
+
+        public companion object : CryptographyAlgorithmId<OFB>("AES-OFB")
+
+        @SubclassOptInRequired(CryptographyProviderApi::class)
+        public interface Key : AES.Key {
+            public fun cipher(): IvCipher
+        }
+    }
+
     @SubclassOptInRequired(CryptographyProviderApi::class)
     public interface GCM : AES<GCM.Key> {
         override val id: CryptographyAlgorithmId<GCM> get() = Companion
diff --git a/cryptography-providers/apple/src/commonMain/kotlin/AppleCryptographyProvider.kt b/cryptography-providers/apple/src/commonMain/kotlin/AppleCryptographyProvider.kt
@@ -27,6 +27,8 @@ internal object AppleCryptographyProvider : CryptographyProvider() {
         HMAC    -> CCHmac
         AES.CBC -> CCAesCbc
         AES.CTR -> CCAesCtr
+        AES.CFB -> CCAesCfb
+        AES.OFB -> CCAesOfb
         AES.ECB -> CCAesEcb
         RSA.PSS -> SecRsaPss
         RSA.PKCS1 -> SecRsaPkcs1
diff --git a/cryptography-providers/apple/src/commonMain/kotlin/algorithms/CCAesCfb.kt b/cryptography-providers/apple/src/commonMain/kotlin/algorithms/CCAesCfb.kt
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.apple.algorithms
+
+import dev.whyoleg.cryptography.algorithms.*
+import kotlinx.cinterop.*
+import platform.CoreCrypto.*
+
+internal object CCAesCfb : CCAes<AES.CFB.Key>(), AES.CFB {
+    override fun wrapKey(key: ByteArray): AES.CFB.Key = AesCfbKey(key)
+
+    private class AesCfbKey(private val key: ByteArray) : AES.CFB.Key {
+        override fun cipher(): AES.IvCipher = CCAesIvCipher(
+            algorithm = kCCAlgorithmAES,
+            mode = kCCModeCFB,
+            padding = 0.convert(), // not applicable
+            key = key,
+            ivSize = 16
+        )
+
+        override fun encodeToByteArrayBlocking(format: AES.Key.Format): ByteArray = when (format) {
+            AES.Key.Format.RAW -> key.copyOf()
+            AES.Key.Format.JWK -> error("JWK is not supported")
+        }
+    }
+}
diff --git a/cryptography-providers/apple/src/commonMain/kotlin/algorithms/CCAesOfb.kt b/cryptography-providers/apple/src/commonMain/kotlin/algorithms/CCAesOfb.kt
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.apple.algorithms
+
+import dev.whyoleg.cryptography.algorithms.*
+import kotlinx.cinterop.*
+import platform.CoreCrypto.*
+
+internal object CCAesOfb : CCAes<AES.OFB.Key>(), AES.OFB {
+    override fun wrapKey(key: ByteArray): AES.OFB.Key = AesOfbKey(key)
+
+    private class AesOfbKey(private val key: ByteArray) : AES.OFB.Key {
+        override fun cipher(): AES.IvCipher = CCAesIvCipher(
+            algorithm = kCCAlgorithmAES,
+            mode = kCCModeOFB,
+            padding = 0.convert(), // not applicable
+            key = key,
+            ivSize = 16
+        )
+
+        override fun encodeToByteArrayBlocking(format: AES.Key.Format): ByteArray = when (format) {
+            AES.Key.Format.RAW -> key.copyOf()
+            AES.Key.Format.JWK -> error("JWK is not supported")
+        }
+    }
+}
diff --git a/cryptography-providers/jdk/src/jvmMain/kotlin/JdkCryptographyProvider.kt b/cryptography-providers/jdk/src/jvmMain/kotlin/JdkCryptographyProvider.kt
@@ -125,6 +125,8 @@ internal class JdkCryptographyProvider(provider: Provider?) : CryptographyProvid
             AES.CBC   -> JdkAesCbc(state)
             AES.CMAC  -> JdkAesCmac(state)
             AES.CTR   -> JdkAesCtr(state)
+            AES.CFB -> JdkAesCfb(state)
+            AES.OFB -> JdkAesOfb(state)
             AES.ECB   -> JdkAesEcb(state)
             AES.GCM   -> JdkAesGcm(state)
             RSA.OAEP  -> JdkRsaOaep(state)
diff --git a/cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkAesCfb.kt b/cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkAesCfb.kt
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.jdk.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.materials.key.*
+import dev.whyoleg.cryptography.providers.jdk.*
+import dev.whyoleg.cryptography.providers.jdk.materials.*
+
+internal class JdkAesCfb(
+    private val state: JdkCryptographyState,
+) : AES.CFB {
+    private val keyWrapper: (JSecretKey) -> AES.CFB.Key = { key -> JdkAesCfbKey(state, key) }
+    private val keyDecoder = JdkSecretKeyDecoder<AES.Key.Format, _>("AES", keyWrapper)
+
+    override fun keyDecoder(): KeyDecoder<AES.Key.Format, AES.CFB.Key> = keyDecoder
+    override fun keyGenerator(keySize: BinarySize): KeyGenerator<AES.CFB.Key> = JdkSecretKeyGenerator(state, "AES", keyWrapper) {
+        init(keySize.inBits, state.secureRandom)
+    }
+}
+
+private class JdkAesCfbKey(
+    private val state: JdkCryptographyState,
+    private val key: JSecretKey,
+) : AES.CFB.Key, JdkEncodableKey<AES.Key.Format>(key) {
+    override fun cipher(): AES.IvCipher = JdkAesIvCipher(
+        state = state,
+        key = key,
+        ivSize = 16,
+        algorithm = "AES/CFB/NoPadding"
+    )
+
+    override fun encodeToByteArrayBlocking(format: AES.Key.Format): ByteArray = when (format) {
+        AES.Key.Format.JWK -> error("$format is not supported")
+        AES.Key.Format.RAW -> encodeToRaw()
+    }
+}
diff --git a/cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkAesOfb.kt b/cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkAesOfb.kt
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.jdk.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.materials.key.*
+import dev.whyoleg.cryptography.providers.jdk.*
+import dev.whyoleg.cryptography.providers.jdk.materials.*
+
+internal class JdkAesOfb(
+    private val state: JdkCryptographyState,
+) : AES.OFB {
+    private val keyWrapper: (JSecretKey) -> AES.OFB.Key = { key -> JdkAesOfbKey(state, key) }
+    private val keyDecoder = JdkSecretKeyDecoder<AES.Key.Format, _>("AES", keyWrapper)
+
+    override fun keyDecoder(): KeyDecoder<AES.Key.Format, AES.OFB.Key> = keyDecoder
+    override fun keyGenerator(keySize: BinarySize): KeyGenerator<AES.OFB.Key> = JdkSecretKeyGenerator(state, "AES", keyWrapper) {
+        init(keySize.inBits, state.secureRandom)
+    }
+}
+
+private class JdkAesOfbKey(
+    private val state: JdkCryptographyState,
+    private val key: JSecretKey,
+) : AES.OFB.Key, JdkEncodableKey<AES.Key.Format>(key) {
+    override fun cipher(): AES.IvCipher = JdkAesIvCipher(
+        state = state,
+        key = key,
+        ivSize = 16,
+        algorithm = "AES/OFB/NoPadding"
+    )
+
+    override fun encodeToByteArrayBlocking(format: AES.Key.Format): ByteArray = when (format) {
+        AES.Key.Format.JWK -> error("$format is not supported")
+        AES.Key.Format.RAW -> encodeToRaw()
+    }
+}
diff --git a/cryptography-providers/openssl3/api/src/commonMain/kotlin/Openssl3CryptographyProvider.kt b/cryptography-providers/openssl3/api/src/commonMain/kotlin/Openssl3CryptographyProvider.kt
@@ -35,6 +35,8 @@ internal object Openssl3CryptographyProvider : CryptographyProvider() {
         AES.CBC -> Openssl3AesCbc
         AES.CMAC -> Openssl3AesCmac
         AES.CTR -> Openssl3AesCtr
+        AES.CFB -> Openssl3AesCfb
+        AES.OFB -> Openssl3AesOfb
         AES.ECB -> Openssl3AesEcb
         AES.GCM -> Openssl3AesGcm
         ECDSA   -> Openssl3Ecdsa
diff --git a/cryptography-providers/openssl3/api/src/commonMain/kotlin/algorithms/Openssl3AesCfb.kt b/cryptography-providers/openssl3/api/src/commonMain/kotlin/algorithms/Openssl3AesCfb.kt
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.openssl3.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.providers.openssl3.internal.cinterop.*
+import kotlin.experimental.*
+import kotlin.native.ref.*
+
+internal object Openssl3AesCfb : AES.CFB, Openssl3Aes<AES.CFB.Key>() {
+    override fun wrapKey(keySize: BinarySize, key: ByteArray): AES.CFB.Key = AesCfbKey(keySize, key)
+
+    private class AesCfbKey(keySize: BinarySize, key: ByteArray) : AES.CFB.Key, AesKey(key) {
+        private val algorithm = when (keySize) {
+            AES.Key.Size.B128 -> "AES-128-CFB"
+            AES.Key.Size.B192 -> "AES-192-CFB"
+            AES.Key.Size.B256 -> "AES-256-CFB"
+            else              -> error("Unsupported key size")
+        }
+
+        private val cipher = EVP_CIPHER_fetch(null, algorithm, null)
+
+        @OptIn(ExperimentalNativeApi::class)
+        private val cleaner = createCleaner(cipher, ::EVP_CIPHER_free)
+
+        override fun cipher(): AES.IvCipher {
+            return Openssl3AesIvCipher(cipher, key, ivSize = 16)
+        }
+    }
+}
diff --git a/cryptography-providers/openssl3/api/src/commonMain/kotlin/algorithms/Openssl3AesOfb.kt b/cryptography-providers/openssl3/api/src/commonMain/kotlin/algorithms/Openssl3AesOfb.kt
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.openssl3.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.providers.openssl3.internal.cinterop.*
+import kotlin.experimental.*
+import kotlin.native.ref.*
+
+internal object Openssl3AesOfb : AES.OFB, Openssl3Aes<AES.OFB.Key>() {
+    override fun wrapKey(keySize: BinarySize, key: ByteArray): AES.OFB.Key = AesOfbKey(keySize, key)
+
+    private class AesOfbKey(keySize: BinarySize, key: ByteArray) : AES.OFB.Key, AesKey(key) {
+        private val algorithm = when (keySize) {
+            AES.Key.Size.B128 -> "AES-128-OFB"
+            AES.Key.Size.B192 -> "AES-192-OFB"
+            AES.Key.Size.B256 -> "AES-256-OFB"
+            else              -> error("Unsupported key size")
+        }
+
+        private val cipher = EVP_CIPHER_fetch(null, algorithm, null)
+
+        @OptIn(ExperimentalNativeApi::class)
+        private val cleaner = createCleaner(cipher, ::EVP_CIPHER_free)
+
+        override fun cipher(): AES.IvCipher {
+            return Openssl3AesIvCipher(cipher, key, ivSize = 16)
+        }
+    }
+}
diff --git a/cryptography-providers/tests/src/commonMain/kotlin/compatibility/AesCfbCompatibilityTest.kt b/cryptography-providers/tests/src/commonMain/kotlin/compatibility/AesCfbCompatibilityTest.kt
diff --git a/cryptography-providers/tests/src/commonMain/kotlin/compatibility/AesOfbCompatibilityTest.kt b/cryptography-providers/tests/src/commonMain/kotlin/compatibility/AesOfbCompatibilityTest.kt
diff --git a/cryptography-providers/tests/src/commonMain/kotlin/default/AesCfbTest.kt b/cryptography-providers/tests/src/commonMain/kotlin/default/AesCfbTest.kt
diff --git a/cryptography-providers/tests/src/commonMain/kotlin/default/AesOfbTest.kt b/cryptography-providers/tests/src/commonMain/kotlin/default/AesOfbTest.kt
diff --git a/cryptography-providers/tests/src/commonMain/kotlin/default/SupportedAlgorithmsTest.kt b/cryptography-providers/tests/src/commonMain/kotlin/default/SupportedAlgorithmsTest.kt
diff --git a/docs/providers/index.md b/docs/providers/index.md
