xref: /titanic_50/usr/src/cmd/ssh/libssh/common/cipher-ctr.c (revision cd7d5faf5bbb52336a6f85578a90b31a648ac3fa)
1 /*
2  * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 /*
17  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
18  * Use is subject to license terms.
19  */
20 
21 #include "includes.h"
22 RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $");
23 
24 #include <openssl/evp.h>
25 
26 #include "log.h"
27 #include "xmalloc.h"
28 #include <openssl/aes.h>
29 
30 const EVP_CIPHER *evp_aes_128_ctr(void);
31 void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
32 
33 struct ssh_aes_ctr_ctx
34 {
35 	AES_KEY		aes_ctx;
36 	u_char		aes_counter[AES_BLOCK_SIZE];
37 };
38 
39 /*
40  * increment counter 'ctr',
41  * the counter is of size 'len' bytes and stored in network-byte-order.
42  * (LSB at ctr[len-1], MSB at ctr[0])
43  */
44 static void
ssh_ctr_inc(u_char * ctr,u_int len)45 ssh_ctr_inc(u_char *ctr, u_int len)
46 {
47 	int i;
48 
49 	for (i = len - 1; i >= 0; i--)
50 		if (++ctr[i])	/* continue on overflow */
51 			return;
52 }
53 
54 static int
ssh_aes_ctr(EVP_CIPHER_CTX * ctx,u_char * dest,const u_char * src,u_int len)55 ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
56     u_int len)
57 {
58 	struct ssh_aes_ctr_ctx *c;
59 	u_int n = 0;
60 	u_char buf[AES_BLOCK_SIZE];
61 
62 	if (len == 0)
63 		return (1);
64 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
65 		return (0);
66 
67 	while ((len--) > 0) {
68 		if (n == 0) {
69 			AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
70 			ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
71 		}
72 		*(dest++) = *(src++) ^ buf[n];
73 		n = (n + 1) % AES_BLOCK_SIZE;
74 	}
75 	return (1);
76 }
77 
78 static int
ssh_aes_ctr_init(EVP_CIPHER_CTX * ctx,const u_char * key,const u_char * iv,int enc)79 ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
80     int enc)
81 {
82 	struct ssh_aes_ctr_ctx *c;
83 
84 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
85 		c = xmalloc(sizeof(*c));
86 		EVP_CIPHER_CTX_set_app_data(ctx, c);
87 	}
88 	if (key != NULL)
89 		AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
90 		     &c->aes_ctx);
91 	if (iv != NULL)
92 		memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
93 	return (1);
94 }
95 
96 static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX * ctx)97 ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
98 {
99 	struct ssh_aes_ctr_ctx *c;
100 
101 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
102 		memset(c, 0, sizeof(*c));
103 		xfree(c);
104 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
105 	}
106 	return (1);
107 }
108 
109 void
ssh_aes_ctr_iv(EVP_CIPHER_CTX * evp,int doset,u_char * iv,u_int len)110 ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
111 {
112 	struct ssh_aes_ctr_ctx *c;
113 
114 	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
115 		fatal("ssh_aes_ctr_iv: no context");
116 	if (doset)
117 		memcpy(c->aes_counter, iv, len);
118 	else
119 		memcpy(iv, c->aes_counter, len);
120 }
121 
122 /*
123  * Function fills an EVP_CIPHER structure for AES CTR functions based on the NID
124  * and the key length.
125  */
126 static const EVP_CIPHER *
evp_aes_ctr(const char * nid,int key_len,EVP_CIPHER * aes_ctr)127 evp_aes_ctr(const char *nid, int key_len, EVP_CIPHER *aes_ctr)
128 {
129 	memset(aes_ctr, 0, sizeof(EVP_CIPHER));
130 	/*
131 	 * If the PKCS#11 engine is used the AES CTR NIDs were dynamically
132 	 * created during the engine initialization. If the engine is not used
133 	 * we work with NID_undef's which is OK since in that case OpenSSL
134 	 * doesn't use NIDs at all.
135 	 */
136 	if ((aes_ctr->nid = OBJ_ln2nid(nid)) != NID_undef)
137 		debug3("%s NID found", nid);
138 
139 	aes_ctr->block_size = AES_BLOCK_SIZE;
140 	aes_ctr->iv_len = AES_BLOCK_SIZE;
141 	aes_ctr->key_len = key_len;
142 	aes_ctr->init = ssh_aes_ctr_init;
143 	aes_ctr->cleanup = ssh_aes_ctr_cleanup;
144 	aes_ctr->do_cipher = ssh_aes_ctr;
145 	aes_ctr->flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
146 	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
147 	return (aes_ctr);
148 }
149 
150 const EVP_CIPHER *
evp_aes_128_ctr(void)151 evp_aes_128_ctr(void)
152 {
153 	static EVP_CIPHER aes_ctr;
154 
155 	return (evp_aes_ctr("aes-128-ctr", 16, &aes_ctr));
156 }
157 
158 const EVP_CIPHER *
evp_aes_192_ctr(void)159 evp_aes_192_ctr(void)
160 {
161 	static EVP_CIPHER aes_ctr;
162 
163 	return (evp_aes_ctr("aes-192-ctr", 24, &aes_ctr));
164 }
165 
166 const EVP_CIPHER *
evp_aes_256_ctr(void)167 evp_aes_256_ctr(void)
168 {
169 	static EVP_CIPHER aes_ctr;
170 
171 	return (evp_aes_ctr("aes-256-ctr", 32, &aes_ctr));
172 }
173