static void
aead_cipher_ctx_set_key(cipher_ctx_t *cipher_ctx, int enc)
{
const digest_type_t *md = mbedtls_md_info_from_string("SHA1");
if (md == NULL) {
FATAL("SHA1 Digest not found in crypto library");
}
int err = crypto_hkdf(md,
cipher_ctx->salt, cipher_ctx->cipher->key_len,
cipher_ctx->cipher->key, cipher_ctx->cipher->key_len,
(uint8_t *)SUBKEY_INFO, strlen(SUBKEY_INFO),
cipher_ctx->skey, cipher_ctx->cipher->key_len);
if (err) {
FATAL("Unable to generate subkey");
}
memset(cipher_ctx->nonce, 0, cipher_ctx->cipher->nonce_len);
/* cipher that don't use mbed TLS, just return */
if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) {
return;
}
if (mbedtls_cipher_setkey(cipher_ctx->evp, cipher_ctx->skey,
cipher_ctx->cipher->key_len * 8, enc) != 0) {
FATAL("Cannot set mbed TLS cipher key");
}
if (mbedtls_cipher_reset(cipher_ctx->evp) != 0) {
FATAL("Cannot finish preparation of mbed TLS cipher context");
}
}
static int cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info = NULL;
int rc;
mbedtls_cipher_init(&cipher->encrypt_ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
goto error;
}
rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key,
cipher_info->key_bitlen,
MBEDTLS_ENCRYPT);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
/* libssh only encypts and decrypts packets that are multiples of a block
* size, and no padding is used */
rc = mbedtls_cipher_set_padding_mode(&cipher->encrypt_ctx,
MBEDTLS_PADDING_NONE);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
goto error;
}
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
return SSH_OK;
error:
mbedtls_cipher_free(&cipher->encrypt_ctx);
return SSH_ERROR;
}
void
cipher_ctx_set_nonce(cipher_ctx_t *cipher_ctx, uint8_t *nonce, size_t nonce_len,
int enc)
{
const unsigned char *true_key;
cipher_t *cipher = cipher_ctx->cipher;
if (nonce == NULL) {
LOGE("cipher_ctx_set_nonce(): NONCE is null");
return;
}
if (cipher->method >= SALSA20) {
return;
}
if (cipher->method == RC4_MD5) {
unsigned char key_nonce[32];
memcpy(key_nonce, cipher->key, 16);
memcpy(key_nonce + 16, nonce, 16);
true_key = crypto_md5(key_nonce, 32, NULL);
nonce_len = 0;
} else {
true_key = cipher->key;
}
cipher_evp_t *evp = cipher_ctx->evp;
if (evp == NULL) {
LOGE("cipher_ctx_set_nonce(): Cipher context is null");
return;
}
if (mbedtls_cipher_setkey(evp, true_key, cipher->key_len * 8, enc) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher key");
}
if (mbedtls_cipher_set_iv(evp, nonce, nonce_len) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher NONCE");
}
if (mbedtls_cipher_reset(evp) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot finalize mbed TLS cipher context");
}
#ifdef SS_DEBUG
dump("NONCE", (char *)nonce, nonce_len);
dump("KEY", (char *)true_key, 32);
#endif
}
result_t Cipher::process(const mbedtls_operation_t operation, Buffer_base *data,
obj_ptr<Buffer_base> &retVal)
{
int32_t ret;
ret = mbedtls_cipher_setkey(&m_ctx, (unsigned char *)m_key.c_str(), (int32_t)m_key.length() * 8,
operation);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_cipher_reset(&m_ctx);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
exlib::string input;
exlib::string output;
unsigned char buffer[1024];
size_t olen, ilen, offset, block_size, data_size;
data->toString(input);
block_size = mbedtls_cipher_get_block_size(&m_ctx);
data_size = input.length();
for (offset = 0; offset < data_size; offset += block_size)
{
ilen = ((uint32_t)data_size - offset > block_size) ?
block_size : (uint32_t)(data_size - offset);
ret = mbedtls_cipher_update(&m_ctx, (unsigned char *)input.c_str() + offset,
ilen, buffer, &olen);
if (ret != 0)
{
reset();
return CHECK_ERROR(_ssl::setError(ret));
}
output.append((const char *)buffer, olen);
}
ret = mbedtls_cipher_finish(&m_ctx, buffer, &olen);
reset();
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
output.append((const char *)buffer, olen);
retVal = new Buffer(output);
return 0;
}
static int cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info;
int rc;
mbedtls_cipher_init(&cipher->decrypt_ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
rc = mbedtls_cipher_setup(&cipher->decrypt_ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_setkey(&cipher->decrypt_ctx, key,
cipher_info->key_bitlen,
MBEDTLS_DECRYPT);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_set_iv(&cipher->decrypt_ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx,
MBEDTLS_PADDING_NONE);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
goto error;
}
mbedtls_cipher_reset(&cipher->decrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
return SSH_OK;
error:
mbedtls_cipher_free(&cipher->decrypt_ctx);
return SSH_ERROR;
}
int
cipher_ctx_reset(mbedtls_cipher_context_t *ctx, const uint8_t *iv_buf)
{
if (!mbed_ok(mbedtls_cipher_reset(ctx)))
{
return 0;
}
if (!mbed_ok(mbedtls_cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size)))
{
return 0;
}
return 1;
}
static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void *out,
unsigned long len)
{
size_t outlen = 0;
int rc = 0;
rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption");
return;
}
/* MbedTLS caches the last block when decrypting with cbc.
* By calling finish the block is flushed to out, however the unprocessed
* data counter is not reset.
* Calling mbedtls_cipher_reset resets the unprocessed data counter.
*/
if (outlen == 0) {
rc = mbedtls_cipher_finish(&cipher->decrypt_ctx, out, &outlen);
} else if (outlen == len) {
return;
} else {
rc = mbedtls_cipher_finish(&cipher->decrypt_ctx, (unsigned char *) out +
outlen , &outlen);
}
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during decryption");
return;
}
rc = mbedtls_cipher_reset(&cipher->decrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption");
return;
}
if (outlen != len) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu",
outlen, len);
return;
}
}
static int cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, void *key,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info = NULL;
int rc;
mbedtls_cipher_init(&cipher->encrypt_ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
goto error;
}
rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key,
cipher_info->key_bitlen,
MBEDTLS_ENCRYPT);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
return SSH_OK;
error:
mbedtls_cipher_free(&cipher->encrypt_ctx);
return SSH_ERROR;
}
/*
* Packet-oriented wrapper for non-AEAD modes
*/
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
int ret;
size_t finish_olen;
if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
return( ret );
*olen += finish_olen;
return( 0 );
}
void cipher_context_set_iv(cipher_ctx_t *ctx, uint8_t *iv, size_t iv_len,
int enc)
{
const unsigned char *true_key;
if (iv == NULL) {
LOGE("cipher_context_set_iv(): IV is null");
return;
}
if (!enc) {
memcpy(ctx->iv, iv, iv_len);
}
if (enc_method >= SALSA20) {
return;
}
if (enc_method == RC4_MD5) {
unsigned char key_iv[32];
memcpy(key_iv, enc_key, 16);
memcpy(key_iv + 16, iv, 16);
true_key = enc_md5(key_iv, 32, NULL);
iv_len = 0;
} else {
true_key = enc_key;
}
#ifdef USE_CRYPTO_APPLECC
cipher_cc_t *cc = &ctx->cc;
if (cc->valid == kCCContextValid) {
memcpy(cc->iv, iv, iv_len);
memcpy(cc->key, true_key, enc_key_len);
cc->iv_len = iv_len;
cc->key_len = enc_key_len;
cc->encrypt = enc ? kCCEncrypt : kCCDecrypt;
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
CCCryptorStatus ret;
ret = CCCryptorCreateWithMode(
cc->encrypt,
cc->mode,
cc->cipher,
cc->padding,
cc->iv, cc->key, cc->key_len,
NULL, 0, 0, 0,
&cc->cryptor);
if (ret != kCCSuccess) {
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
FATAL("Cannot set CommonCrypto key and IV");
}
return;
}
#endif
cipher_evp_t *evp = &ctx->evp;
if (evp == NULL) {
LOGE("cipher_context_set_iv(): Cipher context is null");
return;
}
#if defined(USE_CRYPTO_OPENSSL)
if (!EVP_CipherInit_ex(evp, NULL, NULL, true_key, iv, enc)) {
EVP_CIPHER_CTX_cleanup(evp);
FATAL("Cannot set key and IV");
}
#elif defined(USE_CRYPTO_POLARSSL)
// XXX: PolarSSL 1.3.11: cipher_free_ctx deprecated, Use cipher_free() instead.
if (cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher key");
}
#if POLARSSL_VERSION_NUMBER >= 0x01030000
if (cipher_set_iv(evp, iv, iv_len) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher IV");
}
if (cipher_reset(evp) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot finalize PolarSSL cipher context");
}
#else
if (cipher_reset(evp, iv) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher IV");
}
#endif
#elif defined(USE_CRYPTO_MBEDTLS)
if (mbedtls_cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher key");
}
if (mbedtls_cipher_set_iv(evp, iv, iv_len) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher IV");
}
if (mbedtls_cipher_reset(evp) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot finalize mbed TLS cipher context");
}
#endif
#ifdef DEBUG
dump("IV", (char *)iv, iv_len);
#endif
}
int CipherContext::reset(State & state, mbedtls_cipher_context_t * context){
Stack * stack = state.stack;
stack->push<int>(mbedtls_cipher_reset(context));
return 1;
}
