cipher-ctr.c 4.5 KB

  1. /* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */
  2. /*
  3. * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
  4. *
  5. * Permission to use, copy, modify, and distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. #include "includes.h"
  18. #if defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR)
  19. #include <sys/types.h>
  20. #include <stdarg.h>
  21. #include <string.h>
  22. #include <openssl/evp.h>
  23. #include "xmalloc.h"
  24. #include "log.h"
  25. /* compatibility with old or broken OpenSSL versions */
  26. #include "openbsd-compat/openssl-compat.h"
  27. #ifndef USE_BUILTIN_RIJNDAEL
  28. #include <openssl/aes.h>
  29. #endif
  /*
   * Per-cipher state attached to the outer EVP_CIPHER_CTX as its app data.
   *
   * ecbctx      - inner EVP context; the init hook in this file keys it with
   *               AES in ECB mode and the cipher hook feeds it counter blocks.
   * aes_counter - the current counter block, one AES block wide, kept in
   *               network byte order (see ssh_ctr_inc).
   *
   * Both members are key-dependent secrets: the cleanup hook wipes the whole
   * structure before releasing it.
   */
  struct ssh_aes_ctr_ctx {
      EVP_CIPHER_CTX ecbctx;
      u_char         aes_counter[AES_BLOCK_SIZE];
  };
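  /*
   * Add one to the counter 'ctr', treated as a single unsigned integer of
   * 'len' bytes in network byte order (most significant byte at ctr[0],
   * least significant at ctr[len-1]).
   *
   * The carry ripples from the last byte towards ctr[0]; a counter that is
   * all 0xff wraps round to all zeroes.  A zero 'len' leaves the buffer
   * untouched.
   */
  static void
  ssh_ctr_inc(u_char *ctr, size_t len)
  {
      /*
       * Count down on the size_t length itself.  The earlier form used
       * 'int i = len - 1', which narrowed a size_t into a signed int and
       * mixed signed and unsigned arithmetic in the loop bound.
       */
      while (len > 0) {
          len--;
          if (++ctr[len] != 0)    /* byte did not wrap: the carry stops here */
              return;
      }
  }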
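  /*
   * EVP do_cipher hook: XOR 'len' bytes of 'src' with AES-CTR keystream and
   * store the result in 'dest'.  Encryption and decryption are the same
   * operation.
   *
   * Keystream is produced in batches: up to 256 counter blocks are written
   * to 'ctrbuf' (advancing the stored counter once per block), encrypted in
   * one EVP_EncryptUpdate call on the inner ECB context, and then consumed
   * one u_int at a time.
   *
   * 'len' must be a whole number of AES blocks.  The loop steps by
   * sizeof(u_int) and the inner context has padding disabled, so any other
   * length would either run the loop past the end of the buffers or XOR the
   * tail against bytes the cipher never wrote.  Such lengths are rejected.
   *
   * Returns 1 on success (including len == 0) and 0 on failure: no context,
   * a length that is not block aligned, or a failed keystream generation.
   * On the last kind of failure 'dest' may already hold part of the output.
   */
  static int
  ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
      LIBCRYPTO_EVP_INL_TYPE len)
  {
      struct ssh_aes_ctr_ctx *c;
      size_t n = 0;           /* read offset into 'buf'; 0 means refill */
      int ok = 1;
      u_char ctrbuf[AES_BLOCK_SIZE*256];
      u_char buf[AES_BLOCK_SIZE*256];

      if (len == 0)
          return (1);
      if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
          return (0);
      if (len % AES_BLOCK_SIZE != 0)
          return (0);

      for (; len > 0; len -= sizeof(u_int)) {
          u_int r, a, b;

          if (n == 0) {
              int outl = 0, i, buflen;

              /* Lay out one counter block per block of pending input. */
              buflen = MIN(len, sizeof(ctrbuf));
              for (i = 0; i < buflen; i += AES_BLOCK_SIZE) {
                  memcpy(&ctrbuf[i], c->aes_counter, AES_BLOCK_SIZE);
                  ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
              }
              /*
               * The result used to be ignored.  If the call fails or
               * returns short, 'buf' holds stale stack bytes, and XORing
               * those into 'dest' would emit data that is not keystream.
               */
              if (!EVP_EncryptUpdate(&c->ecbctx, buf, &outl,
                  ctrbuf, buflen) || outl != buflen) {
                  ok = 0;
                  break;
              }
          }
          /* memcpy keeps the word accesses alignment-safe. */
          memcpy(&a, src, sizeof(a));
          memcpy(&b, &buf[n], sizeof(b));
          r = a ^ b;
          memcpy(dest, &r, sizeof(r));
          src += sizeof(a);
          dest += sizeof(r);
          n = (n + sizeof(b)) % sizeof(buf);
      }
      /*
       * Wipe counter blocks and keystream on every exit path.
       * NOTE(review): a plain memset of a buffer that is about to go out of
       * scope can be removed by the optimiser; switch to the project's
       * guaranteed-wipe primitive if one is available.
       */
      memset(ctrbuf, '\0', sizeof(ctrbuf));
      memset(buf, '\0', sizeof(buf));
      return (ok);
  }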
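  /*
   * EVP init hook.  Allocates the per-cipher state on first use and then
   * applies whichever of 'key' and 'iv' is non-NULL, so the two may be
   * supplied in separate calls.
   *
   * key - AES key; its length is taken from the outer context and must be
   *       128, 192 or 256 bits, otherwise fatal() is called.
   * iv  - initial counter block, AES_BLOCK_SIZE bytes.
   * enc - unused; CTR mode runs the block cipher in the encrypt direction
   *       for both encryption and decryption.
   *
   * Returns 1.  Allocation and cipher set-up failures go through xmalloc()
   * and fatal() respectively (both presumably do not return - confirm).
   */
  static int
  ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
      int enc)
  {
      struct ssh_aes_ctr_ctx *c;

      if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
          c = xmalloc(sizeof(*c));
          /*
           * Initialise the inner context only when the state is first
           * allocated.  Doing it on every call reset a context that might
           * already be keyed: an IV-only call would discard the key, and
           * a re-key would abandon whatever the earlier
           * EVP_EncryptInit_ex had set up without cleaning it up.
           */
          EVP_CIPHER_CTX_init(&c->ecbctx);
          EVP_CIPHER_CTX_set_app_data(ctx, c);
          /*
           * NOTE(review): aes_counter is not set here; it is defined only
           * once a call supplies 'iv'.
           */
      }
      if (key != NULL) {
          const EVP_CIPHER *cipher = NULL;

          switch (EVP_CIPHER_CTX_key_length(ctx) * 8) {
          case 128:
              cipher = EVP_aes_128_ecb();
              break;
          case 192:
              cipher = EVP_aes_192_ecb();
              break;
          case 256:
              cipher = EVP_aes_256_ecb();
              break;
          default:
              fatal("ssh_aes_ctr_init: wrong aes key length");
          }
          if (!EVP_EncryptInit_ex(&c->ecbctx, cipher, NULL, key, NULL))
              fatal("ssh_aes_ctr_init: cannot initialize aes encryption");
          /* Counter blocks are always whole blocks; no padding wanted. */
          EVP_CIPHER_CTX_set_padding(&c->ecbctx, 0);
      }
      if (iv != NULL)
          memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
      return (1);
  }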
  /*
   * EVP cleanup hook: tear down the inner cipher context, wipe and free the
   * per-cipher state, and detach it from 'ctx' so a later call finds nothing
   * to release.  Always returns 1; a context with no state is a no-op.
   */
  static int
  ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
  {
      struct ssh_aes_ctr_ctx *state = EVP_CIPHER_CTX_get_app_data(ctx);

      if (state == NULL)
          return (1);

      EVP_CIPHER_CTX_cleanup(&state->ecbctx);
      /*
       * Clears the counter and what is left of the inner context.
       * NOTE(review): a memset immediately before free() is a store the
       * optimiser may drop; a guaranteed-wipe primitive would be safer if
       * the project provides one.
       */
      memset(state, 0, sizeof(*state));
      free(state);
      EVP_CIPHER_CTX_set_app_data(ctx, NULL);
      return (1);
  }
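  /*
   * Copy the counter block into or out of the cipher state.
   *
   * evp   - outer cipher context; fatal() if it carries no CTR state.
   * doset - non-zero: load 'len' bytes from 'iv' into the stored counter;
   *         zero: copy 'len' bytes of the stored counter out to 'iv'.
   * iv    - caller's buffer, at least 'len' bytes.
   * len   - number of bytes to copy; must not exceed AES_BLOCK_SIZE.
   */
  void
  ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len)
  {
      struct ssh_aes_ctr_ctx *c;

      if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
          fatal("ssh_aes_ctr_iv: no context");
      /*
       * The stored counter is exactly one AES block.  Without this bound a
       * larger 'len' would write past aes_counter on set, or read the
       * bytes that follow it on get.
       */
      if (len > sizeof(c->aes_counter))
          fatal("ssh_aes_ctr_iv: bad iv length");
      if (doset)
          memcpy(c->aes_counter, iv, len);
      else
          memcpy(iv, c->aes_counter, len);
  }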
  /*
   * Return the EVP_CIPHER descriptor for this file's AES-CTR implementation.
   *
   * The descriptor is one function-local static object that is cleared and
   * refilled on every call, so all callers share (and rewrite) the same
   * structure.  The default key length is 16 bytes; unless SSH_OLD_EVP is
   * defined the descriptor is flagged variable-length, and the init hook
   * accepts 128-, 192- and 256-bit keys.
   */
  const EVP_CIPHER *
  evp_aes_128_ctr(void)
  {
      static EVP_CIPHER aes_ctr;

      memset(&aes_ctr, 0, sizeof(aes_ctr));

      /* Identity and geometry. */
      aes_ctr.nid = NID_undef;
      aes_ctr.key_len = 16;
      aes_ctr.iv_len = AES_BLOCK_SIZE;
      aes_ctr.block_size = AES_BLOCK_SIZE;

      /* Hooks implemented in this file. */
      aes_ctr.do_cipher = ssh_aes_ctr;
      aes_ctr.init = ssh_aes_ctr_init;
      aes_ctr.cleanup = ssh_aes_ctr_cleanup;
  #ifndef SSH_OLD_EVP
      /*
       * CUSTOM_IV and ALWAYS_CALL_INIT: the init hook handles the counter
       * itself and expects to be called for IV-only updates as well.
       * NOTE(review): the mode is declared as CBC although the hooks
       * implement counter mode; presumably a placeholder for EVP
       * versions without a CTR mode - confirm before relying on it.
       */
      aes_ctr.flags = EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT |
          EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE;
  #endif
      return (&aes_ctr);
  }
  158. #endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) */