1 /* 2 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org> 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 /* 17 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 18 * Use is subject to license terms. 19 */ 20 21 #include "includes.h" 22 RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $"); 23 24 #include <openssl/evp.h> 25 26 #include "log.h" 27 #include "xmalloc.h" 28 #include <openssl/aes.h> 29 30 const EVP_CIPHER *evp_aes_128_ctr(void); 31 void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); 32 33 struct ssh_aes_ctr_ctx 34 { 35 AES_KEY aes_ctx; 36 u_char aes_counter[AES_BLOCK_SIZE]; 37 }; 38 39 /* 40 * increment counter 'ctr', 41 * the counter is of size 'len' bytes and stored in network-byte-order. 42 * (LSB at ctr[len-1], MSB at ctr[0]) 43 */ 44 static void 45 ssh_ctr_inc(u_char *ctr, u_int len) 46 { 47 int i; 48 49 for (i = len - 1; i >= 0; i--) 50 if (++ctr[i]) /* continue on overflow */ 51 return; 52 } 53 54 static int 55 ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, 56 u_int len) 57 { 58 struct ssh_aes_ctr_ctx *c; 59 u_int n = 0; 60 u_char buf[AES_BLOCK_SIZE]; 61 62 if (len == 0) 63 return (1); 64 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) 65 return (0); 66 67 while ((len--) > 0) { 68 if (n == 0) { 69 AES_encrypt(c->aes_counter, buf, &c->aes_ctx); 70 ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); 71 } 72 *(dest++) = *(src++) ^ buf[n]; 73 n = (n + 1) % AES_BLOCK_SIZE; 74 } 75 return (1); 76 } 77 78 static int 79 ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, 80 int enc) 81 { 82 struct ssh_aes_ctr_ctx *c; 83 84 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { 85 c = xmalloc(sizeof(*c)); 86 EVP_CIPHER_CTX_set_app_data(ctx, c); 87 } 88 if (key != NULL) 89 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, 90 &c->aes_ctx); 91 if (iv != NULL) 92 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); 93 return (1); 94 } 95 96 static int 97 ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) 98 { 99 struct ssh_aes_ctr_ctx *c; 100 101 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { 102 memset(c, 0, sizeof(*c)); 103 xfree(c); 104 EVP_CIPHER_CTX_set_app_data(ctx, NULL); 105 } 106 return (1); 107 } 108 109 void 110 ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) 111 { 112 struct ssh_aes_ctr_ctx *c; 113 114 if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) 115 fatal("ssh_aes_ctr_iv: no context"); 116 if (doset) 117 memcpy(c->aes_counter, iv, len); 118 else 119 memcpy(iv, c->aes_counter, len); 120 } 121 122 /* 123 * Function fills an EVP_CIPHER structure for AES CTR functions based on the NID 124 * and the key length. 125 */ 126 static const EVP_CIPHER * 127 evp_aes_ctr(const char *nid, int key_len, EVP_CIPHER *aes_ctr) 128 { 129 memset(aes_ctr, 0, sizeof(EVP_CIPHER)); 130 /* 131 * If the PKCS#11 engine is used the AES CTR NIDs were dynamically 132 * created during the engine initialization. If the engine is not used 133 * we work with NID_undef's which is OK since in that case OpenSSL 134 * doesn't use NIDs at all. 135 */ 136 if ((aes_ctr->nid = OBJ_ln2nid(nid)) != NID_undef) 137 debug3("%s NID found", nid); 138 139 aes_ctr->block_size = AES_BLOCK_SIZE; 140 aes_ctr->iv_len = AES_BLOCK_SIZE; 141 aes_ctr->key_len = key_len; 142 aes_ctr->init = ssh_aes_ctr_init; 143 aes_ctr->cleanup = ssh_aes_ctr_cleanup; 144 aes_ctr->do_cipher = ssh_aes_ctr; 145 aes_ctr->flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | 146 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; 147 return (aes_ctr); 148 } 149 150 const EVP_CIPHER * 151 evp_aes_128_ctr(void) 152 { 153 static EVP_CIPHER aes_ctr; 154 155 return (evp_aes_ctr("aes-128-ctr", 16, &aes_ctr)); 156 } 157 158 const EVP_CIPHER * 159 evp_aes_192_ctr(void) 160 { 161 static EVP_CIPHER aes_ctr; 162 163 return (evp_aes_ctr("aes-192-ctr", 24, &aes_ctr)); 164 } 165 166 const EVP_CIPHER * 167 evp_aes_256_ctr(void) 168 { 169 static EVP_CIPHER aes_ctr; 170 171 return (evp_aes_ctr("aes-256-ctr", 32, &aes_ctr)); 172 }