/* * Copyright (c) 2003 Markus Friedl * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #include "includes.h" RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $"); #include #include "log.h" #include "xmalloc.h" #include const EVP_CIPHER *evp_aes_128_ctr(void); void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); struct ssh_aes_ctr_ctx { AES_KEY aes_ctx; u_char aes_counter[AES_BLOCK_SIZE]; }; /* * increment counter 'ctr', * the counter is of size 'len' bytes and stored in network-byte-order. * (LSB at ctr[len-1], MSB at ctr[0]) */ static void ssh_ctr_inc(u_char *ctr, u_int len) { int i; for (i = len - 1; i >= 0; i--) if (++ctr[i]) /* continue on overflow */ return; } static int ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) { struct ssh_aes_ctr_ctx *c; u_int n = 0; u_char buf[AES_BLOCK_SIZE]; if (len == 0) return (1); if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) return (0); while ((len--) > 0) { if (n == 0) { AES_encrypt(c->aes_counter, buf, &c->aes_ctx); ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); } *(dest++) = *(src++) ^ buf[n]; n = (n + 1) % AES_BLOCK_SIZE; } return (1); } static int ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) { struct ssh_aes_ctr_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { c = xmalloc(sizeof(*c)); EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key != NULL) AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &c->aes_ctx); if (iv != NULL) memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); return (1); } static int ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) { struct ssh_aes_ctr_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { memset(c, 0, sizeof(*c)); xfree(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } return (1); } void ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) { struct ssh_aes_ctr_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) fatal("ssh_aes_ctr_iv: no context"); if (doset) memcpy(c->aes_counter, iv, len); else memcpy(iv, c->aes_counter, len); } /* * Function fills an EVP_CIPHER structure for AES CTR functions based on the NID * and the key length. */ static const EVP_CIPHER * evp_aes_ctr(const char *nid, int key_len, EVP_CIPHER *aes_ctr) { memset(aes_ctr, 0, sizeof(EVP_CIPHER)); /* * If the PKCS#11 engine is used the AES CTR NIDs were dynamically * created during the engine initialization. If the engine is not used * we work with NID_undef's which is OK since in that case OpenSSL * doesn't use NIDs at all. */ if ((aes_ctr->nid = OBJ_ln2nid(nid)) != NID_undef) debug3("%s NID found", nid); aes_ctr->block_size = AES_BLOCK_SIZE; aes_ctr->iv_len = AES_BLOCK_SIZE; aes_ctr->key_len = key_len; aes_ctr->init = ssh_aes_ctr_init; aes_ctr->cleanup = ssh_aes_ctr_cleanup; aes_ctr->do_cipher = ssh_aes_ctr; aes_ctr->flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; return (aes_ctr); } const EVP_CIPHER * evp_aes_128_ctr(void) { static EVP_CIPHER aes_ctr; return (evp_aes_ctr("aes-128-ctr", 16, &aes_ctr)); } const EVP_CIPHER * evp_aes_192_ctr(void) { static EVP_CIPHER aes_ctr; return (evp_aes_ctr("aes-192-ctr", 24, &aes_ctr)); } const EVP_CIPHER * evp_aes_256_ctr(void) { static EVP_CIPHER aes_ctr; return (evp_aes_ctr("aes-256-ctr", 32, &aes_ctr)); }