[openssh.git] / cipher-ctr.c

/*
 * Copyright (c) 2003 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include "includes.h"
RCSID("$OpenBSD: cipher-ctr.c,v 1.1 2003/05/17 04:27:52 markus Exp $");

#include <openssl/evp.h>

#include "log.h"
#include "xmalloc.h"

#if OPENSSL_VERSION_NUMBER < 0x00907000L
#include "rijndael.h"
#define AES_KEY rijndael_ctx
#define AES_BLOCK_SIZE 16
#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
#else
#include <openssl/aes.h>
#endif

const EVP_CIPHER *evp_aes_128_ctr(void);
void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);

struct ssh_aes_ctr_ctx
{
	AES_KEY		aes_ctx;
	u_char		aes_counter[AES_BLOCK_SIZE];
};

/*
 * increment counter 'ctr',
 * the counter is of size 'len' bytes and stored in network-byte-order.
 * (LSB at ctr[len-1], MSB at ctr[0])
 */
static void
ssh_ctr_inc(u_char *ctr, u_int len)
{
	int i;

	for (i = len - 1; i >= 0; i--)
		if (++ctr[i])	/* continue on overflow */
			return;
}

static int
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
    u_int len)
{
	struct ssh_aes_ctr_ctx *c;
	u_int n = 0;
	u_char buf[AES_BLOCK_SIZE];

	if (len == 0)
		return (1);
	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
		return (0);

	while ((len--) > 0) {
		if (n == 0) {
			AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
			ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
		}
		*(dest++) = *(src++) ^ buf[n];
		n = (n + 1) % AES_BLOCK_SIZE;
	}
	return (1);
}

static int
ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
    int enc)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
		c = xmalloc(sizeof(*c));
		EVP_CIPHER_CTX_set_app_data(ctx, c);
	}
	if (key != NULL)
                AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
	if (iv != NULL)
		memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
	return (1);
}

static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
		memset(c, 0, sizeof(*c));
		xfree(c);
		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
	}
	return (1);
}

void
ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
		fatal("ssh_aes_ctr_iv: no context");
	if (doset)
		memcpy(c->aes_counter, iv, len);
	else
		memcpy(iv, c->aes_counter, len);
}

const EVP_CIPHER *
evp_aes_128_ctr(void)
{
	static EVP_CIPHER aes_ctr;

	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
	aes_ctr.nid = NID_undef;
	aes_ctr.block_size = AES_BLOCK_SIZE;
	aes_ctr.iv_len = AES_BLOCK_SIZE;
	aes_ctr.key_len = 16;
	aes_ctr.init = ssh_aes_ctr_init;
	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
	aes_ctr.do_cipher = ssh_aes_ctr;
	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
	return (&aes_ctr);
}
Commit	Line	Data
25b66522	1	/*
	2	* Copyright (c) 2003 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24	#include "includes.h"
	25	RCSID("$OpenBSD: cipher-ctr.c,v 1.1 2003/05/17 04:27:52 markus Exp $");
	26
	27	#include <openssl/evp.h>
	28
	29	#include "log.h"
	30	#include "xmalloc.h"
	31
	32	#if OPENSSL_VERSION_NUMBER < 0x00907000L
	33	#include "rijndael.h"
	34	#define AES_KEY rijndael_ctx
	35	#define AES_BLOCK_SIZE 16
	36	#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
	37	#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
	38	#else
	39	#include <openssl/aes.h>
	40	#endif
	41
	42	const EVP_CIPHER *evp_aes_128_ctr(void);
	43	void ssh_aes_ctr_iv(EVP_CIPHER_CTX , int, u_char , u_int);
	44
	45	struct ssh_aes_ctr_ctx
	46	{
	47	AES_KEY aes_ctx;
	48	u_char aes_counter[AES_BLOCK_SIZE];
	49	};
	50
	51	/*
	52	* increment counter 'ctr',
	53	* the counter is of size 'len' bytes and stored in network-byte-order.
	54	* (LSB at ctr[len-1], MSB at ctr[0])
	55	*/
	56	static void
	57	ssh_ctr_inc(u_char *ctr, u_int len)
	58	{
	59	int i;
	60
	61	for (i = len - 1; i >= 0; i--)
	62	if (++ctr[i]) /* continue on overflow */
	63	return;
	64	}
65
66	static int
67	ssh_aes_ctr(EVP_CIPHER_CTX ctx, u_char dest, const u_char *src,
68	u_int len)
69	{
70	struct ssh_aes_ctr_ctx *c;
71	u_int n = 0;
72	u_char buf[AES_BLOCK_SIZE];
73
74	if (len == 0)
75	return (1);
76	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
77	return (0);
78
79	while ((len--) > 0) {
80	if (n == 0) {
81	AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
82	ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
83	}
84	(dest++) = (src++) ^ buf[n];
85	n = (n + 1) % AES_BLOCK_SIZE;
86	}
87	return (1);
88	}
89
90	static int
91	ssh_aes_ctr_init(EVP_CIPHER_CTX ctx, const u_char key, const u_char *iv,
92	int enc)
93	{
94	struct ssh_aes_ctr_ctx *c;
95
96	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
97	c = xmalloc(sizeof(*c));
98	EVP_CIPHER_CTX_set_app_data(ctx, c);
99	}
100	if (key != NULL)
101	AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
102	if (iv != NULL)
103	memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
104	return (1);
105	}
106
107	static int
108	ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
109	{
110	struct ssh_aes_ctr_ctx *c;
111
112	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
113	memset(c, 0, sizeof(*c));
114	xfree(c);
115	EVP_CIPHER_CTX_set_app_data(ctx, NULL);
116	}
117	return (1);
118	}
119
120	void
121	ssh_aes_ctr_iv(EVP_CIPHER_CTX evp, int doset, u_char iv, u_int len)
122	{
123	struct ssh_aes_ctr_ctx *c;
124
125	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
126	fatal("ssh_aes_ctr_iv: no context");
127	if (doset)
128	memcpy(c->aes_counter, iv, len);
129	else
130	memcpy(iv, c->aes_counter, len);
131	}
132
133	const EVP_CIPHER *
134	evp_aes_128_ctr(void)
135	{
136	static EVP_CIPHER aes_ctr;
137
138	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
139	aes_ctr.nid = NID_undef;
140	aes_ctr.block_size = AES_BLOCK_SIZE;
141	aes_ctr.iv_len = AES_BLOCK_SIZE;
142	aes_ctr.key_len = 16;
143	aes_ctr.init = ssh_aes_ctr_init;
144	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
145	aes_ctr.do_cipher = ssh_aes_ctr;
146	aes_ctr.flags = EVP_CIPH_CBC_MODE \| EVP_CIPH_VARIABLE_LENGTH \|
147	EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_CUSTOM_IV;
148	return (&aes_ctr);
149	}