10 files changed, 276 insertions, 10 deletions

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index a03c31ea35..cb36629684 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -738,7 +738,8 @@ that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set.
 =item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string>
 
 Gets or sets the cipher text stealing mode. For all modes the output size is the
-same as the input size.
+same as the input size. The input length must be greater than or equal to the
+block size. (The block size for AES and CAMELLIA is 16 bytes).
 
 Valid values for the mode are:
 
@@ -747,25 +748,28 @@ Valid values for the mode are:
 =item "CS1"
 
 The NIST variant of cipher text stealing.
-For message lengths that are multiples of the block size it is equivalent to
-using a "AES-CBC" cipher otherwise the second last cipher text block is a
-partial block.
+For input lengths that are multiples of the block size it is equivalent to
+using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last
+cipher text block is a partial block.
 
 =item "CS2"
 
-For message lengths that are multiples of the block size it is equivalent to
-using a "AES-CBC" cipher, otherwise it is the same as "CS3".
+For input lengths that are multiples of the block size it is equivalent to
+using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as
+"CS3" mode.
 
 =item "CS3"
 
 The Kerberos5 variant of cipher text stealing which always swaps the last
 cipher text block with the previous block (which may be a partial or full block
-depending on the input length).
+depending on the input length). If the input length is exactly one full block
+then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher.
 
 =back
 
 The default is "CS1".
-This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
+"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
 
 =item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer>
 
diff --git a/doc/man7/EVP_CIPHER-CAMELLIA.pod b/doc/man7/EVP_CIPHER-CAMELLIA.pod
index 7b129c6407..bba8001d00 100644
--- a/doc/man7/EVP_CIPHER-CAMELLIA.pod
+++ b/doc/man7/EVP_CIPHER-CAMELLIA.pod
@@ -16,6 +16,8 @@ The following algorithms are available in the default provider:
 
 =item "CAMELLIA-128-CBC", "CAMELLIA-192-CBC" and  "CAMELLIA-256-CBC"
 
+=item "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS"
+
 =item "CAMELLIA-128-CFB", "CAMELLIA-192-CFB", "CAMELLIA-256-CFB",
 "CAMELLIA-128-CFB1", "CAMELLIA-192-CFB1", "CAMELLIA-256-CFB1",
 "CAMELLIA-128-CFB8", "CAMELLIA-192-CFB8" and "CAMELLIA-256-CFB8"
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 8cc017dfa6..7e0bbf465d 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -219,9 +219,10 @@ unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
 
 =item *
 
-AES CTS cipher added to EVP layer.
+CTS ciphers added to EVP layer.
 
-The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
+"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
 CS1, CS2 and CS3 variants are supported.
 
 =back
@@ -1220,6 +1221,19 @@ tools, such as compiler memory and leak sanitizers or Valgrind.
 
 =item *
 
+CRYPTO_cts128_encrypt_block(), CRYPTO_cts128_encrypt(),
+CRYPTO_cts128_decrypt_block(), CRYPTO_cts128_decrypt(),
+CRYPTO_nistcts128_encrypt_block(), CRYPTO_nistcts128_encrypt(),
+CRYPTO_nistcts128_decrypt_block(), CRYPTO_nistcts128_decrypt()
+
+Use the higher level functions EVP_CipherInit_ex2(), EVP_CipherUpdate() and
+EVP_CipherFinal_ex() instead.
+See the "cts_mode" parameter in
+L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
+See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
+
+=item *
+
 d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(),
 d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(),
 d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(),
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 498c4eaa2a..62258da723 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -251,6 +251,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
     ALG(PROV_NAMES_CAMELLIA_256_CBC, ossl_camellia256cbc_functions),
     ALG(PROV_NAMES_CAMELLIA_192_CBC, ossl_camellia192cbc_functions),
     ALG(PROV_NAMES_CAMELLIA_128_CBC, ossl_camellia128cbc_functions),
+    ALG(PROV_NAMES_CAMELLIA_128_CBC_CTS, ossl_camellia128cbc_cts_functions),
+    ALG(PROV_NAMES_CAMELLIA_192_CBC_CTS, ossl_camellia192cbc_cts_functions),
+    ALG(PROV_NAMES_CAMELLIA_256_CBC_CTS, ossl_camellia256cbc_cts_functions),
     ALG(PROV_NAMES_CAMELLIA_256_OFB, ossl_camellia256ofb_functions),
     ALG(PROV_NAMES_CAMELLIA_192_OFB, ossl_camellia192ofb_functions),
     ALG(PROV_NAMES_CAMELLIA_128_OFB, ossl_camellia128ofb_functions),
diff --git a/providers/implementations/ciphers/cipher_camellia.c b/providers/implementations/ciphers/cipher_camellia.c
index 02bef547fd..5f0607a199 100644
--- a/providers/implementations/ciphers/cipher_camellia.c
+++ b/providers/implementations/ciphers/cipher_camellia.c
@@ -91,3 +91,4 @@ IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, stream)
 /* ossl_camellia128ctr_functions */
 IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream)
 
+#include "cipher_camellia_cts.inc"
diff --git a/providers/implementations/ciphers/cipher_camellia_cts.inc b/providers/implementations/ciphers/cipher_camellia_cts.inc
new file mode 100644
index 0000000000..84ea992b8d
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_camellia_cts.inc
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for CAMELLIA CBC CTS ciphers */
+
+#include <openssl/proverr.h>
+#include "cipher_cts.h"
+
+#define CTS_FLAGS PROV_CIPHER_FLAG_CTS
+
+static OSSL_FUNC_cipher_encrypt_init_fn camellia_cbc_cts_einit;
+static OSSL_FUNC_cipher_decrypt_init_fn camellia_cbc_cts_dinit;
+static OSSL_FUNC_cipher_get_ctx_params_fn camellia_cbc_cts_get_ctx_params;
+static OSSL_FUNC_cipher_set_ctx_params_fn camellia_cbc_cts_set_ctx_params;
+static OSSL_FUNC_cipher_gettable_ctx_params_fn camellia_cbc_cts_gettable_ctx_params;
+static OSSL_FUNC_cipher_settable_ctx_params_fn camellia_cbc_cts_settable_ctx_params;
+
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(camellia_cbc_cts)
+OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0),
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(camellia_cbc_cts)
+
+static int camellia_cbc_cts_einit(void *ctx, const unsigned char *key, size_t keylen,
+                             const unsigned char *iv, size_t ivlen,
+                             const OSSL_PARAM params[])
+{
+    if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL))
+        return 0;
+    return camellia_cbc_cts_set_ctx_params(ctx, params);
+}
+
+static int camellia_cbc_cts_dinit(void *ctx, const unsigned char *key, size_t keylen,
+                             const unsigned char *iv, size_t ivlen,
+                             const OSSL_PARAM params[])
+{
+    if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL))
+        return 0;
+    return camellia_cbc_cts_set_ctx_params(ctx, params);
+}
+
+static int camellia_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE);
+    if (p != NULL) {
+        const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode);
+
+        if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+            return 0;
+        }
+    }
+    return ossl_cipher_generic_get_ctx_params(vctx, params);
+}
+
+CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(camellia_cbc_cts)
+OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0),
+CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(camellia_cbc_cts)
+
+static int camellia_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    const OSSL_PARAM *p;
+    int id;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_CTS_MODE);
+    if (p != NULL) {
+        if (p->data_type != OSSL_PARAM_UTF8_STRING)
+            goto err;
+        id = ossl_cipher_cbc_cts_mode_name2id(p->data);
+        if (id < 0)
+            goto err;
+
+        ctx->cts_mode = (unsigned int)id;
+    }
+    return ossl_cipher_generic_set_ctx_params(vctx, params);
+err:
+    ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+    return 0;
+}
+
+/* ossl_camellia256cbc_cts_functions */
+IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, block)
+/* ossl_camellia192cbc_cts_functions */
+IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, block)
+/* ossl_camellia128cbc_cts_functions */
+IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, block)
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index c80b0dcfa3..8bdd491d0d 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -129,6 +129,9 @@ extern const OSSL_DISPATCH ossl_camellia128ecb_functions[];
 extern const OSSL_DISPATCH ossl_camellia256cbc_functions[];
 extern const OSSL_DISPATCH ossl_camellia192cbc_functions[];
 extern const OSSL_DISPATCH ossl_camellia128cbc_functions[];
+extern const OSSL_DISPATCH ossl_camellia256cbc_cts_functions[];
+extern const OSSL_DISPATCH ossl_camellia192cbc_cts_functions[];
+extern const OSSL_DISPATCH ossl_camellia128cbc_cts_functions[];
 extern const OSSL_DISPATCH ossl_camellia256ofb_functions[];
 extern const OSSL_DISPATCH ossl_camellia192ofb_functions[];
 extern const OSSL_DISPATCH ossl_camellia128ofb_functions[];
diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h
index b05776e4f6..e0dbb69a9d 100644
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -130,6 +130,9 @@
 #define PROV_NAMES_CAMELLIA_256_CBC "CAMELLIA-256-CBC:CAMELLIA256:1.2.392.200011.61.1.1.1.4"
 #define PROV_NAMES_CAMELLIA_192_CBC "CAMELLIA-192-CBC:CAMELLIA192:1.2.392.200011.61.1.1.1.3"
 #define PROV_NAMES_CAMELLIA_128_CBC "CAMELLIA-128-CBC:CAMELLIA128:1.2.392.200011.61.1.1.1.2"
+#define PROV_NAMES_CAMELLIA_256_CBC_CTS "CAMELLIA-256-CBC-CTS"
+#define PROV_NAMES_CAMELLIA_192_CBC_CTS "CAMELLIA-192-CBC-CTS"
+#define PROV_NAMES_CAMELLIA_128_CBC_CTS "CAMELLIA-128-CBC-CTS"
 #define PROV_NAMES_CAMELLIA_256_OFB "CAMELLIA-256-OFB:0.3.4401.5.3.1.9.43"
 #define PROV_NAMES_CAMELLIA_192_OFB "CAMELLIA-192-OFB:0.3.4401.5.3.1.9.23"
 #define PROV_NAMES_CAMELLIA_128_OFB "CAMELLIA-128-OFB:0.3.4401.5.3.1.9.3"
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 96fc394fca..7ae546e1d7 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -86,6 +86,7 @@ my @defltfiles = qw(
                      evpciph_aria.txt 
                      evpciph_bf.txt
                      evpciph_camellia.txt
+                     evpciph_camellia_cts.txt
                      evpciph_cast5.txt
                      evpciph_chacha.txt
                      evpciph_des.txt
diff --git a/test/recipes/30-test_evp_data/evpciph_camellia_cts.txt b/test/recipes/30-test_evp_data/evpciph_camellia_cts.txt
new file mode 100644
index 0000000000..4bc698e3ca
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_camellia_cts.txt
@@ -0,0 +1,141 @@
+#
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+Title = Camellia CTS tests from RFC6803
+
+# The encryption test vectors in RFC6803 specify the base_key,
+# not the derived encryption key.
+# The encryption key was manually derived using:
+#    ke = KBKDF(mac = CMAC, mode = FEEDBACK, base_key,
+#               salt = 0000000 || usage || AA,
+#               seed = 00000000000000000000000000000000)
+# NOTE: that the usage was not specified in the test vectors,
+# but is listed here in https://www.rfc-editor.org/errata_search.php?rfc=6803
+#
+# e.g: openssl kdf -cipher CAMELLIA-128-CBC
+#                  -keylen 16
+#                  -kdfopt hexkey:1DC46A8D763F4F93742BCBA3387576C3
+#                  -kdfopt hexsalt:00000000AA
+#                  -kdfopt mode:FEEDBACK
+#                  -kdfopt hexseed:00000000000000000000000000000000
+#                  -mac CMAC
+#                  KBKDF
+#
+# The ciphertext result also contains a MAC result so this was also manually stripped from the test data.
+# The random confounder is also prepended to the plaintext.
+#
+
+# 128-bit Camellia key: 1DC46A8D763F4F93742BCBA3387576C3
+# Key usage: 0
+# Random confounder: B69822A19A6B09C0EBC8557D1F1B6C0A
+# Plaintext: (empty)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = E99B82B36C4AE8EA19E95DFA9EDE882C
+IV = 00000000000000000000000000000000
+Plaintext = B69822A19A6B09C0EBC8557D1F1B6C0A
+Ciphertext = C466F1871069921EDB7C6FDE244A52DB
+
+# 128-bit Camellia key: 5027BC231D0F3A9D23333F1CA6FDBE7C
+# Key usage: 1
+# Random confounder: 6F2FC3C2A166FD8898967A83DE9596D9
+# Plaintext: 1 (31)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = A7EDCD5397EA6D12B0AFF4CB8DAA57AD 
+IV = 00000000000000000000000000000000
+Plaintext = 6F2FC3C2A166FD8898967A83DE9596D931
+Ciphertext = 842D21FD950311C0DD464A3F4BE8D6DA88
+
+# 128-bit Camellia key: A1BB61E805F9BA6DDE8FDBDDC05CDEA0
+# Key usage: 2
+# Random confounder: A5B4A71E077AEEF93C8763C18FDB1F10
+# Plaintext: 9 bytesss (392062797465737373)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = DDE42ECA7CD9863FC3CE89CBC94362D7
+IV = 00000000000000000000000000000000
+Plaintext = A5B4A71E077AEEF93C8763C18FDB1F10392062797465737373
+Ciphertext = 619FF072E36286FF0A28DEB3A352EC0D0EDF5C5160D663C901
+
+# 128-bit Camellia key: 2CA27A5FAF5532244506434E1CEF6676
+# Key usage: 3
+# Random confounder: 19FEE40D810C524B5B22F01874C693DA
+# Plaintext: 13 bytes byte (31332062797465732062797465)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = C3113A258590B9AEBF721B1AF6B0CBF8
+IV = 00000000000000000000000000000000
+Plaintext = 19FEE40D810C524B5B22F01874C693DA31332062797465732062797465
+Ciphertext = B8ECA3167AE6315512E59F98A7C500205E5F63FF3BB389AF1C41A21D64
+
+# 128-bit Camellia key: 7824F8C16F83FF354C6BF7515B973F43
+# Key usage: 4
+# Random confounder: CA7A7AB4BE192DABD603506DB19C39E2
+# Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = 8B07EED30149916AA20DB3F5CED8AFAD
+IV = 00000000000000000000000000000000
+Plaintext = CA7A7AB4BE192DABD603506DB19C39E2333020627974657320627974657320627974657320627974657320627974
+Ciphertext = A26A3905A4FFD5816B7B1E27380D08090C8EC1F304496E1ABDCD2BDCD1DFFC660989E117A713DDBB57A4146C1587
+
+# 256-bit Camellia key: B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B
+# Key usage: 0
+# Random confounder: 3CBBD2B45917941067F96599BB98926C
+# Plaintext: (empty)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = 6CCB3F25D8AE57F4E8F6CA474BDDEFF116CE131B3F71012E756D6B1E3F70A7F1
+IV = 00000000000000000000000000000000
+Plaintext = 3CBBD2B45917941067F96599BB98926C
+Ciphertext = 03886D03310B47A6D8F06D7B94D1DD83
+
+# 256-bit Camellia key: 1B97FE0A190E2021EB30753E1B6E1E77B0754B1D684610355864104963463833
+# Key usage: 1
+# Random confounder: DEF487FCEBE6DE6346D4DA4521BBA2D2
+# Plaintext: 1 (31)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = E93173AA01EB3C246231DAFC7802EE32AF24851D8C7387D18CB9B2C5B7F570B8
+IV = 00000000000000000000000000000000
+Plaintext = DEF487FCEBE6DE6346D4DA4521BBA2D231
+Ciphertext = 2C9C1570133C99BF6A34BC1B0212002FD1
+
+# 256-bit Camellia key: 32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05
+# Key usage: 2
+# Random confounder: AD4FF904D34E555384B14100FC465F88
+# Plaintext: 9 bytesss (392062797465737373)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = CDA2D39A9B243FFEB56E8D5F4BD528741ECB520C62123FB040B8418B15C7D70C
+IV = 00000000000000000000000000000000
+Plaintext = AD4FF904D34E555384B14100FC465F88392062797465737373
+Ciphertext = 9C6DE75F812DE7ED0D28B2963557A115640998275B0AF51527
+
+# 256-bit Camellia key: B038B132CD8E06612267FAB7170066D88AECCBA0B744BFC60DC89BCA182D0715
+# Key usage: 3
+# Random confounder: CF9BCA6DF1144E0C0AF9B8F34C90D514
+# Plaintext: 13 bytes byte (31332062797465732062797465)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = CD8A10E279DADDB6901EC30BDF9873250F6EFC6A77367D74DC3EE7F74BC7774E
+IV = 00000000000000000000000000000000
+Plaintext = CF9BCA6DF1144E0C0AF9B8F34C90D51431332062797465732062797465
+Ciphertext = EEEC85A9813CDC536772AB9B42DEFC5706F726E975DDE05A87EB5406EA
+
+# 256-bit Camellia key: CCFCD349BF4C6677E86E4B02B8EAB924A546AC731CF9BF6989B996E7D6BFBBA7
+# Key usage: 4
+# Random confounder: 644DEF38DA35007275878D216855E228
+# Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = 1D5147F34BB001A04A68A71346E7654E0223A60D90BC2B79B4D87956D47CD42A
+IV = 00000000000000000000000000000000
+Plaintext = 644DEF38DA35007275878D216855E228333020627974657320627974657320627974657320627974657320627974
+Ciphertext = 0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6