#include "ssh.h"
-typedef unsigned int word32;
-
#define MAX_NR 14 /* max no of rounds */
#define MAX_NK 8 /* max no of words in input key */
#define MAX_NB 8 /* max no of words in cipher blk */
#define mulby2(x) ( ((x&0x7F) << 1) ^ (x & 0x80 ? 0x1B : 0) )
-#define GET_32BIT_MSB_FIRST(cp) \
- (((unsigned long)(unsigned char)(cp)[3]) | \
- ((unsigned long)(unsigned char)(cp)[2] << 8) | \
- ((unsigned long)(unsigned char)(cp)[1] << 16) | \
- ((unsigned long)(unsigned char)(cp)[0] << 24))
-
-#define PUT_32BIT_MSB_FIRST(cp, value) do { \
- (cp)[3] = (value); \
- (cp)[2] = (value) >> 8; \
- (cp)[1] = (value) >> 16; \
- (cp)[0] = (value) >> 24; } while (0)
-
typedef struct AESContext AESContext;
struct AESContext {
- word32 keysched[(MAX_NR+1) * MAX_NB];
- word32 invkeysched[(MAX_NR+1) * MAX_NB];
- void (*encrypt)(AESContext *ctx, word32 *block);
- void (*decrypt)(AESContext *ctx, word32 *block);
+ word32 keysched[(MAX_NR + 1) * MAX_NB];
+ word32 invkeysched[(MAX_NR + 1) * MAX_NB];
+ void (*encrypt) (AESContext * ctx, word32 * block);
+ void (*decrypt) (AESContext * ctx, word32 * block);
word32 iv[MAX_NB];
int Nb, Nr;
};
-static const unsigned char Sbox[256], Sboxinv[256];
-static const word32 E0[256], E1[256], E2[256], E3[256];
-static const word32 D0[256], D1[256], D2[256], D3[256];
-
-/*
- * Common macros in both the encryption and decryption routines.
- */
-#define ADD_ROUND_KEY_4 (block[0]^=*keysched++, block[1]^=*keysched++, \
- block[2]^=*keysched++, block[3]^=*keysched++)
-#define ADD_ROUND_KEY_6 (block[0]^=*keysched++, block[1]^=*keysched++, \
- block[2]^=*keysched++, block[3]^=*keysched++, \
- block[4]^=*keysched++, block[5]^=*keysched++)
-#define ADD_ROUND_KEY_8 (block[0]^=*keysched++, block[1]^=*keysched++, \
- block[2]^=*keysched++, block[3]^=*keysched++, \
- block[4]^=*keysched++, block[5]^=*keysched++, \
- block[6]^=*keysched++, block[7]^=*keysched++)
-#define MOVEWORD(i) ( block[i] = newstate[i] )
-
-/*
- * Macros for the encryption routine. There are three encryption
- * cores, for Nb=4,6,8.
- */
-#define MAKEWORD(i) ( newstate[i] = (E0[(block[i] >> 24) & 0xFF] ^ \
- E1[(block[(i+C1)%Nb] >> 16) & 0xFF] ^ \
- E2[(block[(i+C2)%Nb] >> 8) & 0xFF] ^ \
- E3[block[(i+C3)%Nb] & 0xFF]) )
-#define LASTWORD(i) ( newstate[i] = (Sbox[(block[i] >> 24) & 0xFF] << 24) | \
- (Sbox[(block[(i+C1)%Nb] >> 16) & 0xFF] << 16) | \
- (Sbox[(block[(i+C2)%Nb] >> 8) & 0xFF] << 8) | \
- (Sbox[(block[(i+C3)%Nb] ) & 0xFF] ) )
-
-/*
- * Core encrypt routines, expecting word32 inputs read big-endian
- * from the byte-oriented input stream.
- */
-static void aes_encrypt_nb_4(AESContext *ctx, word32 *block) {
- int i;
- static const int C1 = 1, C2 = 2, C3 = 3, Nb = 4;
- word32 *keysched = ctx->keysched;
- word32 newstate[4];
- for (i = 0; i < ctx->Nr-1; i++) {
- ADD_ROUND_KEY_4;
- MAKEWORD(0); MAKEWORD(1); MAKEWORD(2); MAKEWORD(3);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- }
- ADD_ROUND_KEY_4;
- LASTWORD(0); LASTWORD(1); LASTWORD(2); LASTWORD(3);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- ADD_ROUND_KEY_4;
-}
-static void aes_encrypt_nb_6(AESContext *ctx, word32 *block) {
- int i;
- static const int C1 = 1, C2 = 2, C3 = 3, Nb = 6;
- word32 *keysched = ctx->keysched;
- word32 newstate[6];
- for (i = 0; i < ctx->Nr-1; i++) {
- ADD_ROUND_KEY_6;
- MAKEWORD(0); MAKEWORD(1); MAKEWORD(2);
- MAKEWORD(3); MAKEWORD(4); MAKEWORD(5);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2);
- MOVEWORD(3); MOVEWORD(4); MOVEWORD(5);
- }
- ADD_ROUND_KEY_6;
- LASTWORD(0); LASTWORD(1); LASTWORD(2);
- LASTWORD(3); LASTWORD(4); LASTWORD(5);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2);
- MOVEWORD(3); MOVEWORD(4); MOVEWORD(5);
- ADD_ROUND_KEY_6;
-}
-static void aes_encrypt_nb_8(AESContext *ctx, word32 *block) {
- int i;
- static const int C1 = 1, C2 = 3, C3 = 4, Nb = 8;
- word32 *keysched = ctx->keysched;
- word32 newstate[8];
- for (i = 0; i < ctx->Nr-1; i++) {
- ADD_ROUND_KEY_8;
- MAKEWORD(0); MAKEWORD(1); MAKEWORD(2); MAKEWORD(3);
- MAKEWORD(4); MAKEWORD(5); MAKEWORD(6); MAKEWORD(7);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- MOVEWORD(4); MOVEWORD(5); MOVEWORD(6); MOVEWORD(7);
- }
- ADD_ROUND_KEY_8;
- LASTWORD(0); LASTWORD(1); LASTWORD(2); LASTWORD(3);
- LASTWORD(4); LASTWORD(5); LASTWORD(6); LASTWORD(7);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- MOVEWORD(4); MOVEWORD(5); MOVEWORD(6); MOVEWORD(7);
- ADD_ROUND_KEY_8;
-}
-#undef MAKEWORD
-#undef LASTWORD
-
-/*
- * Macros for the decryption routine. There are three decryption
- * cores, for Nb=4,6,8.
- */
-#define MAKEWORD(i) ( newstate[i] = (D0[(block[i] >> 24) & 0xFF] ^ \
- D1[(block[(i+C1)%Nb] >> 16) & 0xFF] ^ \
- D2[(block[(i+C2)%Nb] >> 8) & 0xFF] ^ \
- D3[block[(i+C3)%Nb] & 0xFF]) )
-#define LASTWORD(i) (newstate[i] = (Sboxinv[(block[i] >> 24) & 0xFF] << 24) | \
- (Sboxinv[(block[(i+C1)%Nb] >> 16) & 0xFF] << 16) | \
- (Sboxinv[(block[(i+C2)%Nb] >> 8) & 0xFF] << 8) | \
- (Sboxinv[(block[(i+C3)%Nb] ) & 0xFF] ) )
-
-/*
- * Core decrypt routines, expecting word32 inputs read big-endian
- * from the byte-oriented input stream.
- */
-static void aes_decrypt_nb_4(AESContext *ctx, word32 *block) {
- int i;
- static const int C1 = 4-1, C2 = 4-2, C3 = 4-3, Nb = 4;
- word32 *keysched = ctx->invkeysched;
- word32 newstate[4];
- for (i = 0; i < ctx->Nr-1; i++) {
- ADD_ROUND_KEY_4;
- MAKEWORD(0); MAKEWORD(1); MAKEWORD(2); MAKEWORD(3);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- }
- ADD_ROUND_KEY_4;
- LASTWORD(0); LASTWORD(1); LASTWORD(2); LASTWORD(3);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- ADD_ROUND_KEY_4;
-}
-static void aes_decrypt_nb_6(AESContext *ctx, word32 *block) {
- int i;
- static const int C1 = 6-1, C2 = 6-2, C3 = 6-3, Nb = 6;
- word32 *keysched = ctx->invkeysched;
- word32 newstate[6];
- for (i = 0; i < ctx->Nr-1; i++) {
- ADD_ROUND_KEY_6;
- MAKEWORD(0); MAKEWORD(1); MAKEWORD(2);
- MAKEWORD(3); MAKEWORD(4); MAKEWORD(5);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2);
- MOVEWORD(3); MOVEWORD(4); MOVEWORD(5);
- }
- ADD_ROUND_KEY_6;
- LASTWORD(0); LASTWORD(1); LASTWORD(2);
- LASTWORD(3); LASTWORD(4); LASTWORD(5);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2);
- MOVEWORD(3); MOVEWORD(4); MOVEWORD(5);
- ADD_ROUND_KEY_6;
-}
-static void aes_decrypt_nb_8(AESContext *ctx, word32 *block) {
- int i;
- static const int C1 = 8-1, C2 = 8-3, C3 = 8-4, Nb = 8;
- word32 *keysched = ctx->invkeysched;
- word32 newstate[8];
- for (i = 0; i < ctx->Nr-1; i++) {
- ADD_ROUND_KEY_8;
- MAKEWORD(0); MAKEWORD(1); MAKEWORD(2); MAKEWORD(3);
- MAKEWORD(4); MAKEWORD(5); MAKEWORD(6); MAKEWORD(7);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- MOVEWORD(4); MOVEWORD(5); MOVEWORD(6); MOVEWORD(7);
- }
- ADD_ROUND_KEY_8;
- LASTWORD(0); LASTWORD(1); LASTWORD(2); LASTWORD(3);
- LASTWORD(4); LASTWORD(5); LASTWORD(6); LASTWORD(7);
- MOVEWORD(0); MOVEWORD(1); MOVEWORD(2); MOVEWORD(3);
- MOVEWORD(4); MOVEWORD(5); MOVEWORD(6); MOVEWORD(7);
- ADD_ROUND_KEY_8;
-}
-#undef MAKEWORD
-#undef LASTWORD
-
static const unsigned char Sbox[256] = {
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0,
};
+/*
+ * Common macros in both the encryption and decryption routines.
+ */
+#define ADD_ROUND_KEY_4 (block[0]^=*keysched++, block[1]^=*keysched++, \
+ block[2]^=*keysched++, block[3]^=*keysched++)
+#define ADD_ROUND_KEY_6 (block[0]^=*keysched++, block[1]^=*keysched++, \
+ block[2]^=*keysched++, block[3]^=*keysched++, \
+ block[4]^=*keysched++, block[5]^=*keysched++)
+#define ADD_ROUND_KEY_8 (block[0]^=*keysched++, block[1]^=*keysched++, \
+ block[2]^=*keysched++, block[3]^=*keysched++, \
+ block[4]^=*keysched++, block[5]^=*keysched++, \
+ block[6]^=*keysched++, block[7]^=*keysched++)
+#define MOVEWORD(i) ( block[i] = newstate[i] )
+
+/*
+ * Macros for the encryption routine. There are three encryption
+ * cores, for Nb=4,6,8.
+ */
+#define MAKEWORD(i) ( newstate[i] = (E0[(block[i] >> 24) & 0xFF] ^ \
+ E1[(block[(i+C1)%Nb] >> 16) & 0xFF] ^ \
+ E2[(block[(i+C2)%Nb] >> 8) & 0xFF] ^ \
+ E3[block[(i+C3)%Nb] & 0xFF]) )
+#define LASTWORD(i) ( newstate[i] = (Sbox[(block[i] >> 24) & 0xFF] << 24) | \
+ (Sbox[(block[(i+C1)%Nb] >> 16) & 0xFF] << 16) | \
+ (Sbox[(block[(i+C2)%Nb] >> 8) & 0xFF] << 8) | \
+ (Sbox[(block[(i+C3)%Nb] ) & 0xFF] ) )
+
+/*
+ * Core encrypt routines, expecting word32 inputs read big-endian
+ * from the byte-oriented input stream.
+ */
+static void aes_encrypt_nb_4(AESContext * ctx, word32 * block)
+{
+ int i;
+ static const int C1 = 1, C2 = 2, C3 = 3, Nb = 4;
+ word32 *keysched = ctx->keysched;
+ word32 newstate[4];
+ for (i = 0; i < ctx->Nr - 1; i++) {
+ ADD_ROUND_KEY_4;
+ MAKEWORD(0);
+ MAKEWORD(1);
+ MAKEWORD(2);
+ MAKEWORD(3);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ }
+ ADD_ROUND_KEY_4;
+ LASTWORD(0);
+ LASTWORD(1);
+ LASTWORD(2);
+ LASTWORD(3);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ ADD_ROUND_KEY_4;
+}
+static void aes_encrypt_nb_6(AESContext * ctx, word32 * block)
+{
+ int i;
+ static const int C1 = 1, C2 = 2, C3 = 3, Nb = 6;
+ word32 *keysched = ctx->keysched;
+ word32 newstate[6];
+ for (i = 0; i < ctx->Nr - 1; i++) {
+ ADD_ROUND_KEY_6;
+ MAKEWORD(0);
+ MAKEWORD(1);
+ MAKEWORD(2);
+ MAKEWORD(3);
+ MAKEWORD(4);
+ MAKEWORD(5);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ }
+ ADD_ROUND_KEY_6;
+ LASTWORD(0);
+ LASTWORD(1);
+ LASTWORD(2);
+ LASTWORD(3);
+ LASTWORD(4);
+ LASTWORD(5);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ ADD_ROUND_KEY_6;
+}
+static void aes_encrypt_nb_8(AESContext * ctx, word32 * block)
+{
+ int i;
+ static const int C1 = 1, C2 = 3, C3 = 4, Nb = 8;
+ word32 *keysched = ctx->keysched;
+ word32 newstate[8];
+ for (i = 0; i < ctx->Nr - 1; i++) {
+ ADD_ROUND_KEY_8;
+ MAKEWORD(0);
+ MAKEWORD(1);
+ MAKEWORD(2);
+ MAKEWORD(3);
+ MAKEWORD(4);
+ MAKEWORD(5);
+ MAKEWORD(6);
+ MAKEWORD(7);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ MOVEWORD(6);
+ MOVEWORD(7);
+ }
+ ADD_ROUND_KEY_8;
+ LASTWORD(0);
+ LASTWORD(1);
+ LASTWORD(2);
+ LASTWORD(3);
+ LASTWORD(4);
+ LASTWORD(5);
+ LASTWORD(6);
+ LASTWORD(7);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ MOVEWORD(6);
+ MOVEWORD(7);
+ ADD_ROUND_KEY_8;
+}
+
+#undef MAKEWORD
+#undef LASTWORD
+
+/*
+ * Macros for the decryption routine. There are three decryption
+ * cores, for Nb=4,6,8.
+ */
+#define MAKEWORD(i) ( newstate[i] = (D0[(block[i] >> 24) & 0xFF] ^ \
+ D1[(block[(i+C1)%Nb] >> 16) & 0xFF] ^ \
+ D2[(block[(i+C2)%Nb] >> 8) & 0xFF] ^ \
+ D3[block[(i+C3)%Nb] & 0xFF]) )
+#define LASTWORD(i) (newstate[i] = (Sboxinv[(block[i] >> 24) & 0xFF] << 24) | \
+ (Sboxinv[(block[(i+C1)%Nb] >> 16) & 0xFF] << 16) | \
+ (Sboxinv[(block[(i+C2)%Nb] >> 8) & 0xFF] << 8) | \
+ (Sboxinv[(block[(i+C3)%Nb] ) & 0xFF] ) )
+
+/*
+ * Core decrypt routines, expecting word32 inputs read big-endian
+ * from the byte-oriented input stream.
+ */
+static void aes_decrypt_nb_4(AESContext * ctx, word32 * block)
+{
+ int i;
+ static const int C1 = 4 - 1, C2 = 4 - 2, C3 = 4 - 3, Nb = 4;
+ word32 *keysched = ctx->invkeysched;
+ word32 newstate[4];
+ for (i = 0; i < ctx->Nr - 1; i++) {
+ ADD_ROUND_KEY_4;
+ MAKEWORD(0);
+ MAKEWORD(1);
+ MAKEWORD(2);
+ MAKEWORD(3);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ }
+ ADD_ROUND_KEY_4;
+ LASTWORD(0);
+ LASTWORD(1);
+ LASTWORD(2);
+ LASTWORD(3);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ ADD_ROUND_KEY_4;
+}
+static void aes_decrypt_nb_6(AESContext * ctx, word32 * block)
+{
+ int i;
+ static const int C1 = 6 - 1, C2 = 6 - 2, C3 = 6 - 3, Nb = 6;
+ word32 *keysched = ctx->invkeysched;
+ word32 newstate[6];
+ for (i = 0; i < ctx->Nr - 1; i++) {
+ ADD_ROUND_KEY_6;
+ MAKEWORD(0);
+ MAKEWORD(1);
+ MAKEWORD(2);
+ MAKEWORD(3);
+ MAKEWORD(4);
+ MAKEWORD(5);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ }
+ ADD_ROUND_KEY_6;
+ LASTWORD(0);
+ LASTWORD(1);
+ LASTWORD(2);
+ LASTWORD(3);
+ LASTWORD(4);
+ LASTWORD(5);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ ADD_ROUND_KEY_6;
+}
+static void aes_decrypt_nb_8(AESContext * ctx, word32 * block)
+{
+ int i;
+ static const int C1 = 8 - 1, C2 = 8 - 3, C3 = 8 - 4, Nb = 8;
+ word32 *keysched = ctx->invkeysched;
+ word32 newstate[8];
+ for (i = 0; i < ctx->Nr - 1; i++) {
+ ADD_ROUND_KEY_8;
+ MAKEWORD(0);
+ MAKEWORD(1);
+ MAKEWORD(2);
+ MAKEWORD(3);
+ MAKEWORD(4);
+ MAKEWORD(5);
+ MAKEWORD(6);
+ MAKEWORD(7);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ MOVEWORD(6);
+ MOVEWORD(7);
+ }
+ ADD_ROUND_KEY_8;
+ LASTWORD(0);
+ LASTWORD(1);
+ LASTWORD(2);
+ LASTWORD(3);
+ LASTWORD(4);
+ LASTWORD(5);
+ LASTWORD(6);
+ LASTWORD(7);
+ MOVEWORD(0);
+ MOVEWORD(1);
+ MOVEWORD(2);
+ MOVEWORD(3);
+ MOVEWORD(4);
+ MOVEWORD(5);
+ MOVEWORD(6);
+ MOVEWORD(7);
+ ADD_ROUND_KEY_8;
+}
+
+#undef MAKEWORD
+#undef LASTWORD
+
+
/*
* Set up an AESContext. `keylen' and `blocklen' are measured in
* bytes; each can be either 16 (128-bit), 24 (192-bit), or 32
* (256-bit).
*/
-void aes_setup(AESContext *ctx, int blocklen,
- unsigned char *key, int keylen) {
+static void aes_setup(AESContext * ctx, int blocklen,
+ unsigned char *key, int keylen)
+{
int i, j, Nk, rconst;
assert(blocklen == 16 || blocklen == 24 || blocklen == 32);
* Now do the key setup itself.
*/
rconst = 1;
- for (i = 0; i < (ctx->Nr+1) * ctx->Nb; i++) {
+ for (i = 0; i < (ctx->Nr + 1) * ctx->Nb; i++) {
if (i < Nk)
- ctx->keysched[i] = GET_32BIT_MSB_FIRST(key + 4*i);
+ ctx->keysched[i] = GET_32BIT_MSB_FIRST(key + 4 * i);
else {
- word32 temp = ctx->keysched[i-1];
+ word32 temp = ctx->keysched[i - 1];
if (i % Nk == 0) {
int a, b, c, d;
a = (temp >> 16) & 0xFF;
- b = (temp >> 8) & 0xFF;
- c = (temp >> 0) & 0xFF;
+ b = (temp >> 8) & 0xFF;
+ c = (temp >> 0) & 0xFF;
d = (temp >> 24) & 0xFF;
temp = Sbox[a] ^ rconst;
temp = (temp << 8) | Sbox[b];
int a, b, c, d;
a = (temp >> 24) & 0xFF;
b = (temp >> 16) & 0xFF;
- c = (temp >> 8) & 0xFF;
- d = (temp >> 0) & 0xFF;
+ c = (temp >> 8) & 0xFF;
+ d = (temp >> 0) & 0xFF;
temp = Sbox[a];
temp = (temp << 8) | Sbox[b];
temp = (temp << 8) | Sbox[c];
- temp = (temp << 8) | Sbox[d];
+ temp = (temp << 8) | Sbox[d];
}
- ctx->keysched[i] = ctx->keysched[i-Nk] ^ temp;
+ ctx->keysched[i] = ctx->keysched[i - Nk] ^ temp;
}
}
int a, b, c, d;
a = (temp >> 24) & 0xFF;
b = (temp >> 16) & 0xFF;
- c = (temp >> 8) & 0xFF;
- d = (temp >> 0) & 0xFF;
+ c = (temp >> 8) & 0xFF;
+ d = (temp >> 0) & 0xFF;
temp = D0[Sbox[a]];
temp ^= D1[Sbox[b]];
temp ^= D2[Sbox[c]];
}
}
-static void aes_encrypt(AESContext *ctx, word32 *block) {
+static void aes_encrypt(AESContext * ctx, word32 * block)
+{
ctx->encrypt(ctx, block);
}
-static void aes_decrypt(AESContext *ctx, word32 *block) {
+static void aes_decrypt(AESContext * ctx, word32 * block)
+{
ctx->decrypt(ctx, block);
}
-static void aes_encrypt_cbc(unsigned char *blk, int len, AESContext *ctx) {
+static void aes_encrypt_cbc(unsigned char *blk, int len, AESContext * ctx)
+{
word32 iv[4];
int i;
while (len > 0) {
for (i = 0; i < 4; i++)
- iv[i] ^= GET_32BIT_MSB_FIRST(blk+4*i);
+ iv[i] ^= GET_32BIT_MSB_FIRST(blk + 4 * i);
aes_encrypt(ctx, iv);
- for (i = 0; i < 4; i++)
- PUT_32BIT_MSB_FIRST(blk+4*i, iv[i]);
- blk += 16;
- len -= 16;
+ for (i = 0; i < 4; i++)
+ PUT_32BIT_MSB_FIRST(blk + 4 * i, iv[i]);
+ blk += 16;
+ len -= 16;
}
memcpy(ctx->iv, iv, sizeof(iv));
}
-static void aes_decrypt_cbc(unsigned char *blk, int len, AESContext *ctx) {
+static void aes_decrypt_cbc(unsigned char *blk, int len, AESContext * ctx)
+{
word32 iv[4], x[4], ct[4];
int i;
while (len > 0) {
for (i = 0; i < 4; i++)
- x[i] = ct[i] = GET_32BIT_MSB_FIRST(blk+4*i);
+ x[i] = ct[i] = GET_32BIT_MSB_FIRST(blk + 4 * i);
aes_decrypt(ctx, x);
for (i = 0; i < 4; i++) {
- PUT_32BIT_MSB_FIRST(blk+4*i, iv[i] ^ x[i]);
- iv[i] = ct[i];
- }
- blk += 16;
- len -= 16;
+ PUT_32BIT_MSB_FIRST(blk + 4 * i, iv[i] ^ x[i]);
+ iv[i] = ct[i];
+ }
+ blk += 16;
+ len -= 16;
}
memcpy(ctx->iv, iv, sizeof(iv));
}
-static AESContext csctx, scctx;
+static void aes_sdctr(unsigned char *blk, int len, AESContext *ctx)
+{
+ word32 iv[4], b[4], tmp;
+ int i;
+
+ assert((len & 15) == 0);
+
+ memcpy(iv, ctx->iv, sizeof(iv));
+
+ while (len > 0) {
+ memcpy(b, iv, sizeof(b));
+ aes_encrypt(ctx, b);
+ for (i = 0; i < 4; i++) {
+ tmp = GET_32BIT_MSB_FIRST(blk + 4 * i);
+ PUT_32BIT_MSB_FIRST(blk + 4 * i, tmp ^ b[i]);
+ }
+ for (i = 3; i >= 0; i--)
+ if ((iv[i] = (iv[i] + 1) & 0xffffffff) != 0)
+ break;
+ blk += 16;
+ len -= 16;
+ }
-static void aes128_cskey(unsigned char *key) {
- aes_setup(&csctx, 16, key, 16);
- logevent("Initialised AES-128 client->server encryption");
+ memcpy(ctx->iv, iv, sizeof(iv));
}
-static void aes128_sckey(unsigned char *key) {
- aes_setup(&scctx, 16, key, 16);
- logevent("Initialised AES-128 server->client encryption");
+void *aes_make_context(void)
+{
+ return snew(AESContext);
}
-static void aes192_cskey(unsigned char *key) {
- aes_setup(&csctx, 16, key, 24);
- logevent("Initialised AES-192 client->server encryption");
+void aes_free_context(void *handle)
+{
+ sfree(handle);
}
-static void aes192_sckey(unsigned char *key) {
- aes_setup(&scctx, 16, key, 24);
- logevent("Initialised AES-192 server->client encryption");
+void aes128_key(void *handle, unsigned char *key)
+{
+ AESContext *ctx = (AESContext *)handle;
+ aes_setup(ctx, 16, key, 16);
}
-static void aes256_cskey(unsigned char *key) {
- aes_setup(&csctx, 16, key, 32);
- logevent("Initialised AES-256 client->server encryption");
+void aes192_key(void *handle, unsigned char *key)
+{
+ AESContext *ctx = (AESContext *)handle;
+ aes_setup(ctx, 16, key, 24);
}
-static void aes256_sckey(unsigned char *key) {
- aes_setup(&scctx, 16, key, 32);
- logevent("Initialised AES-256 server->client encryption");
+void aes256_key(void *handle, unsigned char *key)
+{
+ AESContext *ctx = (AESContext *)handle;
+ aes_setup(ctx, 16, key, 32);
}
-static void aes_csiv(unsigned char *iv) {
+void aes_iv(void *handle, unsigned char *iv)
+{
+ AESContext *ctx = (AESContext *)handle;
int i;
for (i = 0; i < 4; i++)
- csctx.iv[i] = GET_32BIT_MSB_FIRST(iv+4*i);
+ ctx->iv[i] = GET_32BIT_MSB_FIRST(iv + 4 * i);
}
-static void aes_sciv(unsigned char *iv) {
- int i;
- for (i = 0; i < 4; i++)
- scctx.iv[i] = GET_32BIT_MSB_FIRST(iv+4*i);
+void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)
+{
+ AESContext *ctx = (AESContext *)handle;
+ aes_encrypt_cbc(blk, len, ctx);
}
-static void aes_ssh2_encrypt_blk(unsigned char *blk, int len) {
- aes_encrypt_cbc(blk, len, &csctx);
+void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)
+{
+ AESContext *ctx = (AESContext *)handle;
+ aes_decrypt_cbc(blk, len, ctx);
}
-static void aes_ssh2_decrypt_blk(unsigned char *blk, int len) {
- aes_decrypt_cbc(blk, len, &scctx);
+static void aes_ssh2_sdctr(void *handle, unsigned char *blk, int len)
+{
+ AESContext *ctx = (AESContext *)handle;
+ aes_sdctr(blk, len, ctx);
}
-static struct ssh2_cipher ssh_aes128 = {
- aes_csiv, aes128_cskey,
- aes_sciv, aes128_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
- "aes128-cbc",
- 16, 128
+void aes256_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
+{
+ AESContext ctx;
+ aes_setup(&ctx, 16, key, 32);
+ memset(ctx.iv, 0, sizeof(ctx.iv));
+ aes_encrypt_cbc(blk, len, &ctx);
+ smemclr(&ctx, sizeof(ctx));
+}
+
+void aes256_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
+{
+ AESContext ctx;
+ aes_setup(&ctx, 16, key, 32);
+ memset(ctx.iv, 0, sizeof(ctx.iv));
+ aes_decrypt_cbc(blk, len, &ctx);
+ smemclr(&ctx, sizeof(ctx));
+}
+
+static const struct ssh2_cipher ssh_aes128_ctr = {
+ aes_make_context, aes_free_context, aes_iv, aes128_key,
+ aes_ssh2_sdctr, aes_ssh2_sdctr, NULL, NULL,
+ "aes128-ctr",
+ 16, 128, 16, 0, "AES-128 SDCTR",
+ NULL
};
-static struct ssh2_cipher ssh_aes192 = {
- aes_csiv, aes192_cskey,
- aes_sciv, aes192_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
- "aes192-cbc",
- 16, 192
+static const struct ssh2_cipher ssh_aes192_ctr = {
+ aes_make_context, aes_free_context, aes_iv, aes192_key,
+ aes_ssh2_sdctr, aes_ssh2_sdctr, NULL, NULL,
+ "aes192-ctr",
+ 16, 192, 24, 0, "AES-192 SDCTR",
+ NULL
};
-static struct ssh2_cipher ssh_aes256 = {
- aes_csiv, aes256_cskey,
- aes_sciv, aes256_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
- "aes256-cbc",
- 16, 256
+static const struct ssh2_cipher ssh_aes256_ctr = {
+ aes_make_context, aes_free_context, aes_iv, aes256_key,
+ aes_ssh2_sdctr, aes_ssh2_sdctr, NULL, NULL,
+ "aes256-ctr",
+ 16, 256, 32, 0, "AES-256 SDCTR",
+ NULL
};
-static struct ssh2_cipher ssh_rijndael128 = {
- aes_csiv, aes128_cskey,
- aes_sciv, aes128_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
- "rijndael128-cbc",
- 16, 128
+static const struct ssh2_cipher ssh_aes128 = {
+ aes_make_context, aes_free_context, aes_iv, aes128_key,
+ aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
+ "aes128-cbc",
+ 16, 128, 16, SSH_CIPHER_IS_CBC, "AES-128 CBC",
+ NULL
};
-static struct ssh2_cipher ssh_rijndael192 = {
- aes_csiv, aes192_cskey,
- aes_sciv, aes192_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
- "rijndael192-cbc",
- 16, 192
+static const struct ssh2_cipher ssh_aes192 = {
+ aes_make_context, aes_free_context, aes_iv, aes192_key,
+ aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
+ "aes192-cbc",
+ 16, 192, 24, SSH_CIPHER_IS_CBC, "AES-192 CBC",
+ NULL
};
-static struct ssh2_cipher ssh_rijndael256 = {
- aes_csiv, aes256_cskey,
- aes_sciv, aes256_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
- "rijndael256-cbc",
- 16, 256
+static const struct ssh2_cipher ssh_aes256 = {
+ aes_make_context, aes_free_context, aes_iv, aes256_key,
+ aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
+ "aes256-cbc",
+ 16, 256, 32, SSH_CIPHER_IS_CBC, "AES-256 CBC",
+ NULL
};
-static struct ssh2_cipher ssh_rijndael_lysator = {
- aes_csiv, aes256_cskey,
- aes_sciv, aes256_sckey,
- aes_ssh2_encrypt_blk,
- aes_ssh2_decrypt_blk,
+static const struct ssh2_cipher ssh_rijndael_lysator = {
+ aes_make_context, aes_free_context, aes_iv, aes256_key,
+ aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
"rijndael-cbc@lysator.liu.se",
- 16, 256
+ 16, 256, 32, SSH_CIPHER_IS_CBC, "AES-256 CBC",
+ NULL
};
-static struct ssh2_cipher *aes_list[] = {
+static const struct ssh2_cipher *const aes_list[] = {
+ &ssh_aes256_ctr,
&ssh_aes256,
- &ssh_rijndael256,
&ssh_rijndael_lysator,
+ &ssh_aes192_ctr,
&ssh_aes192,
- &ssh_rijndael192,
+ &ssh_aes128_ctr,
&ssh_aes128,
- &ssh_rijndael128,
};
-struct ssh2_ciphers ssh2_aes = {
+const struct ssh2_ciphers ssh2_aes = {
sizeof(aes_list) / sizeof(*aes_list),
aes_list
};