[openssh.git] / cipher-ctr.c

/*
 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include "includes.h"
RCSID("$OpenBSD: cipher-ctr.c,v 1.3 2003/11/21 11:57:03 djm Exp $");

#include <openssl/evp.h>

#include "log.h"
#include "xmalloc.h"

#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif

#if OPENSSL_VERSION_NUMBER < 0x00907000L
#include "rijndael.h"
#define AES_KEY rijndael_ctx
#define AES_BLOCK_SIZE 16
#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
#else
#include <openssl/aes.h>
#endif

const EVP_CIPHER *evp_aes_128_ctr(void);
void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);

struct ssh_aes_ctr_ctx
{
	AES_KEY		aes_ctx;
	u_char		aes_counter[AES_BLOCK_SIZE];
};

/*
 * increment counter 'ctr',
 * the counter is of size 'len' bytes and stored in network-byte-order.
 * (LSB at ctr[len-1], MSB at ctr[0])
 */
static void
ssh_ctr_inc(u_char *ctr, u_int len)
{
	int i;

	for (i = len - 1; i >= 0; i--)
		if (++ctr[i])	/* continue on overflow */
			return;
}

static int
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
    u_int len)
{
	struct ssh_aes_ctr_ctx *c;
	u_int n = 0;
	u_char buf[AES_BLOCK_SIZE];

	if (len == 0)
		return (1);
	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
		return (0);

	while ((len--) > 0) {
		if (n == 0) {
			AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
			ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
		}
		*(dest++) = *(src++) ^ buf[n];
		n = (n + 1) % AES_BLOCK_SIZE;
	}
	return (1);
}

static int
ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
    int enc)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
		c = xmalloc(sizeof(*c));
		EVP_CIPHER_CTX_set_app_data(ctx, c);
	}
	if (key != NULL)
		AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
	if (iv != NULL)
		memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
	return (1);
}

static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
		memset(c, 0, sizeof(*c));
		xfree(c);
		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
	}
	return (1);
}

void
ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
		fatal("ssh_aes_ctr_iv: no context");
	if (doset)
		memcpy(c->aes_counter, iv, len);
	else
		memcpy(iv, c->aes_counter, len);
}

const EVP_CIPHER *
evp_aes_128_ctr(void)
{
	static EVP_CIPHER aes_ctr;

	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
	aes_ctr.nid = NID_undef;
	aes_ctr.block_size = AES_BLOCK_SIZE;
	aes_ctr.iv_len = AES_BLOCK_SIZE;
	aes_ctr.key_len = 16;
	aes_ctr.init = ssh_aes_ctr_init;
	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
	aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP
	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif
	return (&aes_ctr);
}
Commit	Line	Data
25b66522	1	/*
0a59bd6b	2	* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
25b66522	3	*
0a59bd6b	4	* Permission to use, copy, modify, and distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice appear in all copies.
25b66522	7	*
0a59bd6b	8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
25b66522	15	*/
25b66522	16	#include "includes.h"
aff51935	17	RCSID("$OpenBSD: cipher-ctr.c,v 1.3 2003/11/21 11:57:03 djm Exp $");
25b66522	18
	19	#include <openssl/evp.h>
	20
	21	#include "log.h"
	22	#include "xmalloc.h"
	23
0a23d79f	24	#if OPENSSL_VERSION_NUMBER < 0x00906000L
	25	#define SSH_OLD_EVP
	26	#endif
	27
25b66522	28	#if OPENSSL_VERSION_NUMBER < 0x00907000L
	29	#include "rijndael.h"
	30	#define AES_KEY rijndael_ctx
	31	#define AES_BLOCK_SIZE 16
	32	#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
	33	#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
	34	#else
	35	#include <openssl/aes.h>
	36	#endif
	37
	38	const EVP_CIPHER *evp_aes_128_ctr(void);
	39	void ssh_aes_ctr_iv(EVP_CIPHER_CTX , int, u_char , u_int);
	40
	41	struct ssh_aes_ctr_ctx
	42	{
	43	AES_KEY aes_ctx;
	44	u_char aes_counter[AES_BLOCK_SIZE];
	45	};
	46
	47	/*
	48	* increment counter 'ctr',
	49	* the counter is of size 'len' bytes and stored in network-byte-order.
	50	* (LSB at ctr[len-1], MSB at ctr[0])
	51	*/
	52	static void
	53	ssh_ctr_inc(u_char *ctr, u_int len)
	54	{
	55	int i;
	56
	57	for (i = len - 1; i >= 0; i--)
	58	if (++ctr[i]) /* continue on overflow */
	59	return;
	60	}
	61
	62	static int
	63	ssh_aes_ctr(EVP_CIPHER_CTX ctx, u_char dest, const u_char *src,
	64	u_int len)
	65	{
	66	struct ssh_aes_ctr_ctx *c;
	67	u_int n = 0;
	68	u_char buf[AES_BLOCK_SIZE];
	69
	70	if (len == 0)
	71	return (1);
	72	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
	73	return (0);
	74
	75	while ((len--) > 0) {
	76	if (n == 0) {
	77	AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
	78	ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
	79	}
	80	(dest++) = (src++) ^ buf[n];
	81	n = (n + 1) % AES_BLOCK_SIZE;
	82	}
	83	return (1);
	84	}
	85
	86	static int
	87	ssh_aes_ctr_init(EVP_CIPHER_CTX ctx, const u_char key, const u_char *iv,
	88	int enc)
	89	{
	90	struct ssh_aes_ctr_ctx *c;
	91
92	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
93	c = xmalloc(sizeof(*c));
94	EVP_CIPHER_CTX_set_app_data(ctx, c);
95	}
96	if (key != NULL)
aff51935	97	AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
25b66522	98	if (iv != NULL)
	99	memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
	100	return (1);
	101	}
	102
	103	static int
	104	ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
	105	{
	106	struct ssh_aes_ctr_ctx *c;
	107
	108	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
	109	memset(c, 0, sizeof(*c));
	110	xfree(c);
	111	EVP_CIPHER_CTX_set_app_data(ctx, NULL);
	112	}
	113	return (1);
	114	}
	115
	116	void
	117	ssh_aes_ctr_iv(EVP_CIPHER_CTX evp, int doset, u_char iv, u_int len)
	118	{
	119	struct ssh_aes_ctr_ctx *c;
	120
	121	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
	122	fatal("ssh_aes_ctr_iv: no context");
	123	if (doset)
	124	memcpy(c->aes_counter, iv, len);
	125	else
	126	memcpy(iv, c->aes_counter, len);
	127	}
	128
	129	const EVP_CIPHER *
	130	evp_aes_128_ctr(void)
	131	{
	132	static EVP_CIPHER aes_ctr;
	133
	134	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
	135	aes_ctr.nid = NID_undef;
	136	aes_ctr.block_size = AES_BLOCK_SIZE;
	137	aes_ctr.iv_len = AES_BLOCK_SIZE;
	138	aes_ctr.key_len = 16;
	139	aes_ctr.init = ssh_aes_ctr_init;
	140	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
	141	aes_ctr.do_cipher = ssh_aes_ctr;
0a23d79f	142	#ifndef SSH_OLD_EVP
25b66522	143	aes_ctr.flags = EVP_CIPH_CBC_MODE \| EVP_CIPH_VARIABLE_LENGTH \|
25b66522	144	EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_CUSTOM_IV;
0a23d79f	145	#endif
25b66522	146	return (&aes_ctr);
25b66522	147	}