blob: be82fd3a95b39cd35e7bc53b63a58210ca1e8cfb [file] [log] [blame]
Damien Miller57c30112006-03-26 14:24:48 +11001/* $OpenBSD: cipher-ctr.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */
Damien Millerf5399c22003-05-18 20:53:59 +10002/*
Damien Miller0275b522003-06-18 20:29:35 +10003 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
Damien Millerf5399c22003-05-18 20:53:59 +10004 *
Damien Miller0275b522003-06-18 20:29:35 +10005 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
Damien Millerf5399c22003-05-18 20:53:59 +10008 *
Damien Miller0275b522003-06-18 20:29:35 +10009 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Damien Millerf5399c22003-05-18 20:53:59 +100016 */
17#include "includes.h"
Damien Millerf5399c22003-05-18 20:53:59 +100018
19#include <openssl/evp.h>
20
21#include "log.h"
22#include "xmalloc.h"
23
Darren Tucker129d0bb2005-12-19 17:40:40 +110024/* compatibility with old or broken OpenSSL versions */
25#include "openbsd-compat/openssl-compat.h"
Damien Miller5c3a5582003-09-23 22:12:38 +100026
Darren Tucker129d0bb2005-12-19 17:40:40 +110027#ifdef USE_BUILTIN_RIJNDAEL
Damien Millerf5399c22003-05-18 20:53:59 +100028#include "rijndael.h"
29#define AES_KEY rijndael_ctx
30#define AES_BLOCK_SIZE 16
31#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
32#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
33#else
34#include <openssl/aes.h>
35#endif
36
37const EVP_CIPHER *evp_aes_128_ctr(void);
38void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
39
40struct ssh_aes_ctr_ctx
41{
42 AES_KEY aes_ctx;
43 u_char aes_counter[AES_BLOCK_SIZE];
44};
45
46/*
47 * increment counter 'ctr',
48 * the counter is of size 'len' bytes and stored in network-byte-order.
49 * (LSB at ctr[len-1], MSB at ctr[0])
50 */
51static void
52ssh_ctr_inc(u_char *ctr, u_int len)
53{
54 int i;
55
56 for (i = len - 1; i >= 0; i--)
57 if (++ctr[i]) /* continue on overflow */
58 return;
59}
60
61static int
62ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
63 u_int len)
64{
65 struct ssh_aes_ctr_ctx *c;
66 u_int n = 0;
67 u_char buf[AES_BLOCK_SIZE];
68
69 if (len == 0)
70 return (1);
71 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
72 return (0);
73
74 while ((len--) > 0) {
75 if (n == 0) {
76 AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
77 ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
78 }
79 *(dest++) = *(src++) ^ buf[n];
80 n = (n + 1) % AES_BLOCK_SIZE;
81 }
82 return (1);
83}
84
85static int
86ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
87 int enc)
88{
89 struct ssh_aes_ctr_ctx *c;
90
91 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
92 c = xmalloc(sizeof(*c));
93 EVP_CIPHER_CTX_set_app_data(ctx, c);
94 }
95 if (key != NULL)
Darren Tuckerfc57f712004-02-07 10:41:48 +110096 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
Damien Miller0dc1bef2005-07-17 17:22:45 +100097 &c->aes_ctx);
Damien Millerf5399c22003-05-18 20:53:59 +100098 if (iv != NULL)
99 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
100 return (1);
101}
102
103static int
104ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
105{
106 struct ssh_aes_ctr_ctx *c;
107
108 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
109 memset(c, 0, sizeof(*c));
110 xfree(c);
111 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
112 }
113 return (1);
114}
115
116void
117ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
118{
119 struct ssh_aes_ctr_ctx *c;
120
121 if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
122 fatal("ssh_aes_ctr_iv: no context");
123 if (doset)
124 memcpy(c->aes_counter, iv, len);
125 else
126 memcpy(iv, c->aes_counter, len);
127}
128
129const EVP_CIPHER *
130evp_aes_128_ctr(void)
131{
132 static EVP_CIPHER aes_ctr;
133
134 memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
135 aes_ctr.nid = NID_undef;
136 aes_ctr.block_size = AES_BLOCK_SIZE;
137 aes_ctr.iv_len = AES_BLOCK_SIZE;
138 aes_ctr.key_len = 16;
139 aes_ctr.init = ssh_aes_ctr_init;
140 aes_ctr.cleanup = ssh_aes_ctr_cleanup;
141 aes_ctr.do_cipher = ssh_aes_ctr;
Damien Miller5c3a5582003-09-23 22:12:38 +1000142#ifndef SSH_OLD_EVP
Damien Millerf5399c22003-05-18 20:53:59 +1000143 aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
144 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
Damien Miller5c3a5582003-09-23 22:12:38 +1000145#endif
Damien Millerf5399c22003-05-18 20:53:59 +1000146 return (&aes_ctr);
147}