crypto/external/bsd/openssh/dist/cipher-ctr.c

   1 /*      $NetBSD: cipher-ctr.c,v 1.2 2009/06/07 22:38:46 christos Exp $  */
   2 /* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
   3 /*
   4  * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
   5  *
   6  * Permission to use, copy, modify, and distribute this software for any
   7  * purpose with or without fee is hereby granted, provided that the above
   8  * copyright notice and this permission notice appear in all copies.
   9  *
  10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  17  */
  18
  19 #include "includes.h"
  20 __RCSID("$NetBSD: cipher-ctr.c,v 1.2 2009/06/07 22:38:46 christos Exp $");
  21 #include <sys/types.h>
  22
  23 #include <string.h>
  24
  25 #include <openssl/evp.h>
  26 #include <openssl/aes.h>
  27
  28 #include "xmalloc.h"
  29 #include "log.h"
  30
  31 const EVP_CIPHER *evp_aes_128_ctr(void);
  32 void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
  33
  34 struct ssh_aes_ctr_ctx
  35 {
  36         AES_KEY         aes_ctx;
  37         u_char          aes_counter[AES_BLOCK_SIZE];
  38 };
  39
  40 /*
  41  * increment counter 'ctr',
  42  * the counter is of size 'len' bytes and stored in network-byte-order.
  43  * (LSB at ctr[len-1], MSB at ctr[0])
  44  */
  45 static void
  46 ssh_ctr_inc(u_char *ctr, size_t len)
  47 {
  48         int i;
  49
  50         for (i = len - 1; i >= 0; i--)
  51                 if (++ctr[i])   /* continue on overflow */
  52                         return;
  53 }
  54
  55 static int
  56 ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
  57     size_t len)
  58 {
  59         struct ssh_aes_ctr_ctx *c;
  60         size_t n = 0;
  61         u_char buf[AES_BLOCK_SIZE];
  62
  63         if (len == 0)
  64                 return (1);
  65         if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
  66                 return (0);
  67
  68         while ((len--) > 0) {
  69                 if (n == 0) {
  70                         AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
  71                         ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
  72                 }
  73                 *(dest++) = *(src++) ^ buf[n];
  74                 n = (n + 1) % AES_BLOCK_SIZE;
  75         }
  76         return (1);
  77 }
  78
  79 static int
  80 ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
  81     int enc)
  82 {
  83         struct ssh_aes_ctr_ctx *c;
  84
  85         if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
  86                 c = xmalloc(sizeof(*c));
  87                 EVP_CIPHER_CTX_set_app_data(ctx, c);
  88         }
  89         if (key != NULL)
  90                 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
  91                     &c->aes_ctx);
  92         if (iv != NULL)
  93                 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
  94         return (1);
  95 }
  96
  97 static int
  98 ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
  99 {
 100         struct ssh_aes_ctr_ctx *c;
 101
 102         if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
 103                 memset(c, 0, sizeof(*c));
 104                 xfree(c);
 105                 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 106         }
 107         return (1);
 108 }
 109
 110 void
 111 ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len)
 112 {
 113         struct ssh_aes_ctr_ctx *c;
 114
 115         if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
 116                 fatal("ssh_aes_ctr_iv: no context");
 117         if (doset)
 118                 memcpy(c->aes_counter, iv, len);
 119         else
 120                 memcpy(iv, c->aes_counter, len);
 121 }
 122
 123 const EVP_CIPHER *
 124 evp_aes_128_ctr(void)
 125 {
 126         static EVP_CIPHER aes_ctr;
 127
 128         memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
 129         aes_ctr.nid = NID_undef;
 130         aes_ctr.block_size = AES_BLOCK_SIZE;
 131         aes_ctr.iv_len = AES_BLOCK_SIZE;
 132         aes_ctr.key_len = 16;
 133         aes_ctr.init = ssh_aes_ctr_init;
 134         aes_ctr.cleanup = ssh_aes_ctr_cleanup;
 135         aes_ctr.do_cipher = ssh_aes_ctr;
 136         aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
 137             EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
 138         return (&aes_ctr);
 139 }