Annotation of src/usr.bin/ssh/cipher-ctr.c, Revision 1.7
1.1 markus 1: /*
1.2 markus 2: * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
1.1 markus 3: *
1.2 markus 4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
1.1 markus 7: *
1.2 markus 8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 markus 15: */
16: #include "includes.h"
17:
18: #include <openssl/evp.h>
1.5 djm 19: #include <openssl/aes.h>
1.1 markus 20:
21: #include "log.h"
22: #include "xmalloc.h"
23:
24: const EVP_CIPHER *evp_aes_128_ctr(void);
25: void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
26:
27: struct ssh_aes_ctr_ctx
28: {
29: AES_KEY aes_ctx;
30: u_char aes_counter[AES_BLOCK_SIZE];
31: };
32:
33: /*
34: * increment counter 'ctr',
35: * the counter is of size 'len' bytes and stored in network-byte-order.
36: * (LSB at ctr[len-1], MSB at ctr[0])
37: */
38: static void
39: ssh_ctr_inc(u_char *ctr, u_int len)
40: {
41: int i;
42:
43: for (i = len - 1; i >= 0; i--)
44: if (++ctr[i]) /* continue on overflow */
45: return;
46: }
47:
48: static int
49: ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
50: u_int len)
51: {
52: struct ssh_aes_ctr_ctx *c;
53: u_int n = 0;
54: u_char buf[AES_BLOCK_SIZE];
55:
56: if (len == 0)
57: return (1);
58: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
59: return (0);
60:
61: while ((len--) > 0) {
62: if (n == 0) {
63: AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
64: ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
65: }
66: *(dest++) = *(src++) ^ buf[n];
67: n = (n + 1) % AES_BLOCK_SIZE;
68: }
69: return (1);
70: }
71:
72: static int
73: ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
74: int enc)
75: {
76: struct ssh_aes_ctr_ctx *c;
77:
78: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
79: c = xmalloc(sizeof(*c));
80: EVP_CIPHER_CTX_set_app_data(ctx, c);
81: }
82: if (key != NULL)
1.4 dtucker 83: AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
1.6 djm 84: &c->aes_ctx);
1.1 markus 85: if (iv != NULL)
86: memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
87: return (1);
88: }
89:
90: static int
91: ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
92: {
93: struct ssh_aes_ctr_ctx *c;
94:
95: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
96: memset(c, 0, sizeof(*c));
97: xfree(c);
98: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
99: }
100: return (1);
101: }
102:
103: void
104: ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
105: {
106: struct ssh_aes_ctr_ctx *c;
107:
108: if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
109: fatal("ssh_aes_ctr_iv: no context");
110: if (doset)
111: memcpy(c->aes_counter, iv, len);
112: else
113: memcpy(iv, c->aes_counter, len);
114: }
115:
116: const EVP_CIPHER *
117: evp_aes_128_ctr(void)
118: {
119: static EVP_CIPHER aes_ctr;
120:
121: memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
122: aes_ctr.nid = NID_undef;
123: aes_ctr.block_size = AES_BLOCK_SIZE;
124: aes_ctr.iv_len = AES_BLOCK_SIZE;
125: aes_ctr.key_len = 16;
126: aes_ctr.init = ssh_aes_ctr_init;
127: aes_ctr.cleanup = ssh_aes_ctr_cleanup;
128: aes_ctr.do_cipher = ssh_aes_ctr;
129: aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
130: EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
131: return (&aes_ctr);
132: }