]>
Commit | Line | Data |
---|---|---|
00146caa | 1 | /* $OpenBSD: cipher-ctr.c,v 1.9 2006/07/22 20:48:22 stevesk Exp $ */ |
25b66522 | 2 | /* |
0a59bd6b | 3 | * Copyright (c) 2003 Markus Friedl <markus@openbsd.org> |
25b66522 | 4 | * |
0a59bd6b | 5 | * Permission to use, copy, modify, and distribute this software for any |
6 | * purpose with or without fee is hereby granted, provided that the above | |
7 | * copyright notice and this permission notice appear in all copies. | |
25b66522 | 8 | * |
0a59bd6b | 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
25b66522 | 16 | */ |
17 | #include "includes.h" | |
25b66522 | 18 | |
00146caa | 19 | #include <string.h> |
20 | ||
25b66522 | 21 | #include <openssl/evp.h> |
22 | ||
23 | #include "log.h" | |
24 | #include "xmalloc.h" | |
25 | ||
e5146707 | 26 | /* compatibility with old or broken OpenSSL versions */ |
27 | #include "openbsd-compat/openssl-compat.h" | |
0a23d79f | 28 | |
e5146707 | 29 | #ifdef USE_BUILTIN_RIJNDAEL |
25b66522 | 30 | #include "rijndael.h" |
31 | #define AES_KEY rijndael_ctx | |
32 | #define AES_BLOCK_SIZE 16 | |
33 | #define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b) | |
34 | #define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1) | |
35 | #else | |
36 | #include <openssl/aes.h> | |
37 | #endif | |
38 | ||
39 | const EVP_CIPHER *evp_aes_128_ctr(void); | |
40 | void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); | |
41 | ||
42 | struct ssh_aes_ctr_ctx | |
43 | { | |
44 | AES_KEY aes_ctx; | |
45 | u_char aes_counter[AES_BLOCK_SIZE]; | |
46 | }; | |
47 | ||
48 | /* | |
49 | * increment counter 'ctr', | |
50 | * the counter is of size 'len' bytes and stored in network-byte-order. | |
51 | * (LSB at ctr[len-1], MSB at ctr[0]) | |
52 | */ | |
53 | static void | |
54 | ssh_ctr_inc(u_char *ctr, u_int len) | |
55 | { | |
56 | int i; | |
57 | ||
58 | for (i = len - 1; i >= 0; i--) | |
59 | if (++ctr[i]) /* continue on overflow */ | |
60 | return; | |
61 | } | |
62 | ||
63 | static int | |
64 | ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, | |
65 | u_int len) | |
66 | { | |
67 | struct ssh_aes_ctr_ctx *c; | |
68 | u_int n = 0; | |
69 | u_char buf[AES_BLOCK_SIZE]; | |
70 | ||
71 | if (len == 0) | |
72 | return (1); | |
73 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) | |
74 | return (0); | |
75 | ||
76 | while ((len--) > 0) { | |
77 | if (n == 0) { | |
78 | AES_encrypt(c->aes_counter, buf, &c->aes_ctx); | |
79 | ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); | |
80 | } | |
81 | *(dest++) = *(src++) ^ buf[n]; | |
82 | n = (n + 1) % AES_BLOCK_SIZE; | |
83 | } | |
84 | return (1); | |
85 | } | |
86 | ||
87 | static int | |
88 | ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, | |
89 | int enc) | |
90 | { | |
91 | struct ssh_aes_ctr_ctx *c; | |
92 | ||
93 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { | |
94 | c = xmalloc(sizeof(*c)); | |
95 | EVP_CIPHER_CTX_set_app_data(ctx, c); | |
96 | } | |
97 | if (key != NULL) | |
59d51274 | 98 | AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, |
4e2e5cfd | 99 | &c->aes_ctx); |
25b66522 | 100 | if (iv != NULL) |
101 | memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); | |
102 | return (1); | |
103 | } | |
104 | ||
105 | static int | |
106 | ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) | |
107 | { | |
108 | struct ssh_aes_ctr_ctx *c; | |
109 | ||
110 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { | |
111 | memset(c, 0, sizeof(*c)); | |
112 | xfree(c); | |
113 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); | |
114 | } | |
115 | return (1); | |
116 | } | |
117 | ||
118 | void | |
119 | ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) | |
120 | { | |
121 | struct ssh_aes_ctr_ctx *c; | |
122 | ||
123 | if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) | |
124 | fatal("ssh_aes_ctr_iv: no context"); | |
125 | if (doset) | |
126 | memcpy(c->aes_counter, iv, len); | |
127 | else | |
128 | memcpy(iv, c->aes_counter, len); | |
129 | } | |
130 | ||
131 | const EVP_CIPHER * | |
132 | evp_aes_128_ctr(void) | |
133 | { | |
134 | static EVP_CIPHER aes_ctr; | |
135 | ||
136 | memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); | |
137 | aes_ctr.nid = NID_undef; | |
138 | aes_ctr.block_size = AES_BLOCK_SIZE; | |
139 | aes_ctr.iv_len = AES_BLOCK_SIZE; | |
140 | aes_ctr.key_len = 16; | |
141 | aes_ctr.init = ssh_aes_ctr_init; | |
142 | aes_ctr.cleanup = ssh_aes_ctr_cleanup; | |
143 | aes_ctr.do_cipher = ssh_aes_ctr; | |
0a23d79f | 144 | #ifndef SSH_OLD_EVP |
25b66522 | 145 | aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
146 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; | |
0a23d79f | 147 | #endif |
25b66522 | 148 | return (&aes_ctr); |
149 | } |