1 /* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */
3 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
24 #include <openssl/evp.h>
29 /* compatibility with old or broken OpenSSL versions */
30 #include "openbsd-compat/openssl-compat.h"
32 #ifndef USE_BUILTIN_RIJNDAEL
33 #include <openssl/aes.h>
36 const EVP_CIPHER
*evp_aes_128_ctr(void);
37 void ssh_aes_ctr_iv(EVP_CIPHER_CTX
*, int, u_char
*, size_t);
39 struct ssh_aes_ctr_ctx
42 u_char aes_counter
[AES_BLOCK_SIZE
];
46 * increment counter 'ctr',
47 * the counter is of size 'len' bytes and stored in network-byte-order.
48 * (LSB at ctr[len-1], MSB at ctr[0])
51 ssh_ctr_inc(u_char
*ctr
, size_t len
)
55 for (i
= len
- 1; i
>= 0; i
--)
56 if (++ctr
[i
]) /* continue on overflow */
61 ssh_aes_ctr(EVP_CIPHER_CTX
*ctx
, u_char
*dest
, const u_char
*src
,
62 LIBCRYPTO_EVP_INL_TYPE len
)
64 struct ssh_aes_ctr_ctx
*c
;
66 u_char buf
[AES_BLOCK_SIZE
];
70 if ((c
= EVP_CIPHER_CTX_get_app_data(ctx
)) == NULL
)
75 AES_encrypt(c
->aes_counter
, buf
, &c
->aes_ctx
);
76 ssh_ctr_inc(c
->aes_counter
, AES_BLOCK_SIZE
);
78 *(dest
++) = *(src
++) ^ buf
[n
];
79 n
= (n
+ 1) % AES_BLOCK_SIZE
;
85 ssh_aes_ctr_init(EVP_CIPHER_CTX
*ctx
, const u_char
*key
, const u_char
*iv
,
88 struct ssh_aes_ctr_ctx
*c
;
90 if ((c
= EVP_CIPHER_CTX_get_app_data(ctx
)) == NULL
) {
91 c
= xmalloc(sizeof(*c
));
92 EVP_CIPHER_CTX_set_app_data(ctx
, c
);
95 AES_set_encrypt_key(key
, EVP_CIPHER_CTX_key_length(ctx
) * 8,
98 memcpy(c
->aes_counter
, iv
, AES_BLOCK_SIZE
);
103 ssh_aes_ctr_cleanup(EVP_CIPHER_CTX
*ctx
)
105 struct ssh_aes_ctr_ctx
*c
;
107 if ((c
= EVP_CIPHER_CTX_get_app_data(ctx
)) != NULL
) {
108 memset(c
, 0, sizeof(*c
));
110 EVP_CIPHER_CTX_set_app_data(ctx
, NULL
);
116 ssh_aes_ctr_iv(EVP_CIPHER_CTX
*evp
, int doset
, u_char
* iv
, size_t len
)
118 struct ssh_aes_ctr_ctx
*c
;
120 if ((c
= EVP_CIPHER_CTX_get_app_data(evp
)) == NULL
)
121 fatal("ssh_aes_ctr_iv: no context");
123 memcpy(c
->aes_counter
, iv
, len
);
125 memcpy(iv
, c
->aes_counter
, len
);
129 evp_aes_128_ctr(void)
131 static EVP_CIPHER aes_ctr
;
133 memset(&aes_ctr
, 0, sizeof(EVP_CIPHER
));
134 aes_ctr
.nid
= NID_undef
;
135 aes_ctr
.block_size
= AES_BLOCK_SIZE
;
136 aes_ctr
.iv_len
= AES_BLOCK_SIZE
;
137 aes_ctr
.key_len
= 16;
138 aes_ctr
.init
= ssh_aes_ctr_init
;
139 aes_ctr
.cleanup
= ssh_aes_ctr_cleanup
;
140 aes_ctr
.do_cipher
= ssh_aes_ctr
;
142 aes_ctr
.flags
= EVP_CIPH_CBC_MODE
| EVP_CIPH_VARIABLE_LENGTH
|
143 EVP_CIPH_ALWAYS_CALL_INIT
| EVP_CIPH_CUSTOM_IV
;