| /* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */ |
| /* |
| * Copyright (c) 2003 Markus Friedl <markus@openbsd.org> |
| * |
| * Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
| * copyright notice and this permission notice appear in all copies. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| */ |
| #include "includes.h" |
| |
| #include <sys/types.h> |
| |
| #include <stdarg.h> |
| #include <string.h> |
| |
| #include <openssl/evp.h> |
| |
| #include "xmalloc.h" |
| #include "log.h" |
| |
| /* compatibility with old or broken OpenSSL versions */ |
| #include "openbsd-compat/openssl-compat.h" |
| |
| #ifndef USE_BUILTIN_RIJNDAEL |
| #include <openssl/aes.h> |
| #endif |
| |
| const EVP_CIPHER *evp_aes_128_ctr(void); |
| void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); |
| |
| struct ssh_aes_ctr_ctx |
| { |
| AES_KEY aes_ctx; |
| u_char aes_counter[AES_BLOCK_SIZE]; |
| }; |
| |
| /* |
| * increment counter 'ctr', |
| * the counter is of size 'len' bytes and stored in network-byte-order. |
| * (LSB at ctr[len-1], MSB at ctr[0]) |
| */ |
| static void |
| ssh_ctr_inc(u_char *ctr, size_t len) |
| { |
| int i; |
| |
| for (i = len - 1; i >= 0; i--) |
| if (++ctr[i]) /* continue on overflow */ |
| return; |
| } |
| |
| static int |
| ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, |
| LIBCRYPTO_EVP_INL_TYPE len) |
| { |
| struct ssh_aes_ctr_ctx *c; |
| size_t n = 0; |
| u_char buf[AES_BLOCK_SIZE]; |
| |
| if (len == 0) |
| return (1); |
| if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) |
| return (0); |
| |
| while ((len--) > 0) { |
| if (n == 0) { |
| AES_encrypt(c->aes_counter, buf, &c->aes_ctx); |
| ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); |
| } |
| *(dest++) = *(src++) ^ buf[n]; |
| n = (n + 1) % AES_BLOCK_SIZE; |
| } |
| return (1); |
| } |
| |
| static int |
| ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, |
| int enc) |
| { |
| struct ssh_aes_ctr_ctx *c; |
| |
| if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { |
| c = xmalloc(sizeof(*c)); |
| EVP_CIPHER_CTX_set_app_data(ctx, c); |
| } |
| if (key != NULL) |
| AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, |
| &c->aes_ctx); |
| if (iv != NULL) |
| memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); |
| return (1); |
| } |
| |
| static int |
| ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) |
| { |
| struct ssh_aes_ctr_ctx *c; |
| |
| if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { |
| memset(c, 0, sizeof(*c)); |
| xfree(c); |
| EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
| } |
| return (1); |
| } |
| |
| void |
| ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len) |
| { |
| struct ssh_aes_ctr_ctx *c; |
| |
| if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) |
| fatal("ssh_aes_ctr_iv: no context"); |
| if (doset) |
| memcpy(c->aes_counter, iv, len); |
| else |
| memcpy(iv, c->aes_counter, len); |
| } |
| |
| const EVP_CIPHER * |
| evp_aes_128_ctr(void) |
| { |
| static EVP_CIPHER aes_ctr; |
| |
| memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); |
| aes_ctr.nid = NID_undef; |
| aes_ctr.block_size = AES_BLOCK_SIZE; |
| aes_ctr.iv_len = AES_BLOCK_SIZE; |
| aes_ctr.key_len = 16; |
| aes_ctr.init = ssh_aes_ctr_init; |
| aes_ctr.cleanup = ssh_aes_ctr_cleanup; |
| aes_ctr.do_cipher = ssh_aes_ctr; |
| #ifndef SSH_OLD_EVP |
| aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; |
| #endif |
| return (&aes_ctr); |
| } |