2 * Copyright (c) 2003 Markus Friedl. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 RCSID("$OpenBSD: cipher-ctr.c,v 1.1 2003/05/17 04:27:52 markus Exp $");
27 #include <openssl/evp.h>
32 #if OPENSSL_VERSION_NUMBER < 0x00907000L
34 #define AES_KEY rijndael_ctx
35 #define AES_BLOCK_SIZE 16
36 #define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
37 #define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
39 #include <openssl/aes.h>
42 const EVP_CIPHER *evp_aes_128_ctr(void);
43 void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
45 struct ssh_aes_ctr_ctx
48 u_char aes_counter[AES_BLOCK_SIZE];
52 * increment counter 'ctr',
53 * the counter is of size 'len' bytes and stored in network-byte-order.
54 * (LSB at ctr[len-1], MSB at ctr[0])
57 ssh_ctr_inc(u_char *ctr, u_int len)
61 for (i = len - 1; i >= 0; i--)
62 if (++ctr[i]) /* continue on overflow */
67 ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
70 struct ssh_aes_ctr_ctx *c;
72 u_char buf[AES_BLOCK_SIZE];
76 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
81 AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
82 ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
84 *(dest++) = *(src++) ^ buf[n];
85 n = (n + 1) % AES_BLOCK_SIZE;
91 ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
94 struct ssh_aes_ctr_ctx *c;
96 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
97 c = xmalloc(sizeof(*c));
98 EVP_CIPHER_CTX_set_app_data(ctx, c);
101 AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
103 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
108 ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
110 struct ssh_aes_ctr_ctx *c;
112 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
113 memset(c, 0, sizeof(*c));
115 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
121 ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
123 struct ssh_aes_ctr_ctx *c;
125 if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
126 fatal("ssh_aes_ctr_iv: no context");
128 memcpy(c->aes_counter, iv, len);
130 memcpy(iv, c->aes_counter, len);
134 evp_aes_128_ctr(void)
136 static EVP_CIPHER aes_ctr;
138 memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
139 aes_ctr.nid = NID_undef;
140 aes_ctr.block_size = AES_BLOCK_SIZE;
141 aes_ctr.iv_len = AES_BLOCK_SIZE;
142 aes_ctr.key_len = 16;
143 aes_ctr.init = ssh_aes_ctr_init;
144 aes_ctr.cleanup = ssh_aes_ctr_cleanup;
145 aes_ctr.do_cipher = ssh_aes_ctr;
146 aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
147 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;