[openssh.git] / cipher-ctr.c

/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
/*
 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include "includes.h"

#include <sys/types.h>

#include <stdarg.h>
#include <string.h>

#include <openssl/evp.h>

#include "xmalloc.h"
#include "log.h"

/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"

#ifndef USE_BUILTIN_RIJNDAEL
#include <openssl/aes.h>
#endif

const EVP_CIPHER *evp_aes_128_ctr(void);
void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);

struct ssh_aes_ctr_ctx
{
	AES_KEY		aes_ctx;
	u_char		aes_counter[AES_BLOCK_SIZE];
};

/*
 * increment counter 'ctr',
 * the counter is of size 'len' bytes and stored in network-byte-order.
 * (LSB at ctr[len-1], MSB at ctr[0])
 */
static void
ssh_ctr_inc(u_char *ctr, u_int len)
{
	int i;

	for (i = len - 1; i >= 0; i--)
		if (++ctr[i])	/* continue on overflow */
			return;
}

static int
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
    u_int len)
{
	struct ssh_aes_ctr_ctx *c;
	u_int n = 0;
	u_char buf[AES_BLOCK_SIZE];

	if (len == 0)
		return (1);
	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
		return (0);

	while ((len--) > 0) {
		if (n == 0) {
			AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
			ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
		}
		*(dest++) = *(src++) ^ buf[n];
		n = (n + 1) % AES_BLOCK_SIZE;
	}
	return (1);
}

static int
ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
    int enc)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
		c = xmalloc(sizeof(*c));
		EVP_CIPHER_CTX_set_app_data(ctx, c);
	}
	if (key != NULL)
		AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
		    &c->aes_ctx);
	if (iv != NULL)
		memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
	return (1);
}

static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
		memset(c, 0, sizeof(*c));
		xfree(c);
		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
	}
	return (1);
}

void
ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
{
	struct ssh_aes_ctr_ctx *c;

	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
		fatal("ssh_aes_ctr_iv: no context");
	if (doset)
		memcpy(c->aes_counter, iv, len);
	else
		memcpy(iv, c->aes_counter, len);
}

const EVP_CIPHER *
evp_aes_128_ctr(void)
{
	static EVP_CIPHER aes_ctr;

	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
	aes_ctr.nid = NID_undef;
	aes_ctr.block_size = AES_BLOCK_SIZE;
	aes_ctr.iv_len = AES_BLOCK_SIZE;
	aes_ctr.key_len = 16;
	aes_ctr.init = ssh_aes_ctr_init;
	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
	aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP
	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif
	return (&aes_ctr);
}
Commit	Line	Data
31652869	1	/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
25b66522	2	/*
0a59bd6b	3	* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
25b66522	4	*
0a59bd6b	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
25b66522	8	*
0a59bd6b	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
25b66522	16	*/
25b66522	17	#include "includes.h"
25b66522	18
31652869	19	#include <sys/types.h>
31652869	20
24436b92	21	#include <stdarg.h>
00146caa	22	#include <string.h>
00146caa	23
25b66522	24	#include <openssl/evp.h>
25b66522	25
25b66522	26	#include "xmalloc.h"
31652869	27	#include "log.h"
25b66522	28
e5146707	29	/* compatibility with old or broken OpenSSL versions */
e5146707	30	#include "openbsd-compat/openssl-compat.h"
0a23d79f	31
cc43e894	32	#ifndef USE_BUILTIN_RIJNDAEL
25b66522	33	#include <openssl/aes.h>
	34	#endif
	35
	36	const EVP_CIPHER *evp_aes_128_ctr(void);
	37	void ssh_aes_ctr_iv(EVP_CIPHER_CTX , int, u_char , u_int);
	38
	39	struct ssh_aes_ctr_ctx
	40	{
	41	AES_KEY aes_ctx;
	42	u_char aes_counter[AES_BLOCK_SIZE];
	43	};
	44
	45	/*
	46	* increment counter 'ctr',
	47	* the counter is of size 'len' bytes and stored in network-byte-order.
	48	* (LSB at ctr[len-1], MSB at ctr[0])
	49	*/
	50	static void
	51	ssh_ctr_inc(u_char *ctr, u_int len)
	52	{
	53	int i;
	54
	55	for (i = len - 1; i >= 0; i--)
	56	if (++ctr[i]) /* continue on overflow */
	57	return;
	58	}
	59
	60	static int
	61	ssh_aes_ctr(EVP_CIPHER_CTX ctx, u_char dest, const u_char *src,
	62	u_int len)
	63	{
	64	struct ssh_aes_ctr_ctx *c;
	65	u_int n = 0;
	66	u_char buf[AES_BLOCK_SIZE];
	67
	68	if (len == 0)
	69	return (1);
	70	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
	71	return (0);
	72
	73	while ((len--) > 0) {
	74	if (n == 0) {
	75	AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
	76	ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
	77	}
	78	(dest++) = (src++) ^ buf[n];
	79	n = (n + 1) % AES_BLOCK_SIZE;
	80	}
	81	return (1);
	82	}
	83
	84	static int
	85	ssh_aes_ctr_init(EVP_CIPHER_CTX ctx, const u_char key, const u_char *iv,
	86	int enc)
	87	{
	88	struct ssh_aes_ctr_ctx *c;
	89
	90	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
	91	c = xmalloc(sizeof(*c));
	92	EVP_CIPHER_CTX_set_app_data(ctx, c);
	93	}
	94	if (key != NULL)
59d51274	95	AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
4e2e5cfd	96	&c->aes_ctx);
25b66522	97	if (iv != NULL)
	98	memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
	99	return (1);
	100	}
	101
	102	static int
	103	ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
	104	{
	105	struct ssh_aes_ctr_ctx *c;
	106
	107	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
	108	memset(c, 0, sizeof(*c));
	109	xfree(c);
	110	EVP_CIPHER_CTX_set_app_data(ctx, NULL);
	111	}
	112	return (1);
	113	}
	114
	115	void
	116	ssh_aes_ctr_iv(EVP_CIPHER_CTX evp, int doset, u_char iv, u_int len)
	117	{
	118	struct ssh_aes_ctr_ctx *c;
	119
	120	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
	121	fatal("ssh_aes_ctr_iv: no context");
	122	if (doset)
	123	memcpy(c->aes_counter, iv, len);
	124	else
	125	memcpy(iv, c->aes_counter, len);
	126	}
	127
	128	const EVP_CIPHER *
	129	evp_aes_128_ctr(void)
	130	{
	131	static EVP_CIPHER aes_ctr;
	132
	133	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
	134	aes_ctr.nid = NID_undef;
	135	aes_ctr.block_size = AES_BLOCK_SIZE;
	136	aes_ctr.iv_len = AES_BLOCK_SIZE;
	137	aes_ctr.key_len = 16;
	138	aes_ctr.init = ssh_aes_ctr_init;
	139	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
	140	aes_ctr.do_cipher = ssh_aes_ctr;
0a23d79f	141	#ifndef SSH_OLD_EVP
25b66522	142	aes_ctr.flags = EVP_CIPH_CBC_MODE \| EVP_CIPH_VARIABLE_LENGTH \|
25b66522	143	EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_CUSTOM_IV;
0a23d79f	144	#endif
25b66522	145	return (&aes_ctr);
25b66522	146	}