/*
 * CTR-mode data path for the AES EVP cipher.
 *
 * Transforms len bytes from in into out using one of two CTR routines:
 * CRYPTO_ctr128_encrypt_ctr32 when the key data carries a stream.ctr
 * callback, otherwise CRYPTO_ctr128_encrypt with the single-block function
 * dat->block.
 *
 * Streaming state is kept in the context so that consecutive calls continue
 * one keystream: ctx->iv is passed as the counter block, ctx->buf as the
 * scratch block, and ctx->num is loaded before the call and written back
 * after it.
 *
 * Always returns 1; the CTR routines are invoked as plain statements, so no
 * failure is reported from here.
 *
 * NOTE(review): nothing in this function prevents a key/counter pair from
 * being used twice. Uniqueness of the IV per key is presumably enforced
 * where the context is initialised -- confirm at the call sites.
 */
static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                          const unsigned char *in, size_t len)
{
    EVP_AES_KEY *key_data = (EVP_AES_KEY *)ctx->cipher_data;
    unsigned int block_offset = ctx->num;

    if (!key_data->stream.ctr) {
        /* No counter-mode callback available: use the per-block function. */
        CRYPTO_ctr128_encrypt(in, out, len, &key_data->ks,
                              ctx->iv, ctx->buf, &block_offset,
                              key_data->block);
    } else {
        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &key_data->ks,
                                    ctx->iv, ctx->buf, &block_offset,
                                    key_data->stream.ctr);
    }

    /* Persist the offset so the next call resumes mid-block if needed. */
    ctx->num = (size_t)block_offset;
    return 1;
}
/*
 * AES-CTR transform for an ssh cipher: processes len bytes from in into out
 * with the key and IV stored in cipher->aes_key.
 *
 * The CTR routine is chosen at build time: CRYPTO_ctr128_encrypt (with
 * AES_encrypt as the block function) when HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT
 * is defined, AES_ctr128_encrypt otherwise.
 *
 * Both routines take a scratch block and an offset that exist to carry
 * state across calls whose length is not a multiple of the block size.
 * Here both are fresh locals on every call (the offset starts at 0), so no
 * such state survives the return.
 *
 * NOTE(review): because the offset and scratch block are discarded, a call
 * with a len that is not a whole number of blocks would not line up with
 * the next call's keystream. Presumably callers only pass whole blocks --
 * verify against the callers.
 * NOTE(review): keystream_scratch is handed to the CTR routine
 * uninitialised and is not wiped before return; whatever the routine leaves
 * in it stays on the stack. Consider cleansing it if stack residue matters
 * in this build.
 */
static void aes_ctr_encrypt(struct ssh_cipher_struct *cipher, void *in,
                            void *out, size_t len)
{
    unsigned int block_offset = 0;
    unsigned char keystream_scratch[AES_BLOCK_SIZE];

#ifdef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT
    CRYPTO_ctr128_encrypt(in, out, len,
                          &cipher->aes_key->key,
                          cipher->aes_key->IV,
                          keystream_scratch, &block_offset,
                          (block128_f)AES_encrypt);
#else
    AES_ctr128_encrypt(in, out, len,
                       &cipher->aes_key->key,
                       cipher->aes_key->IV,
                       keystream_scratch, &block_offset);
#endif /* HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT */
}
/*
 * CTR-mode data path for the Camellia EVP cipher.
 *
 * Transforms len bytes from in into out. The context is reached only
 * through accessors: the running offset comes from EVP_CIPHER_CTX_num() and
 * is stored back with EVP_CIPHER_CTX_set_num(), and the counter block and
 * scratch block are the context's IV and buf.
 *
 * CRYPTO_ctr128_encrypt_ctr32 is used when the key data provides a
 * stream.ctr callback; otherwise CRYPTO_ctr128_encrypt runs with the
 * single-block function dat->block.
 *
 * Always returns 1; no error from the CTR routines is surfaced here.
 *
 * NOTE(review): this function does not check for counter reuse under one
 * key. IV uniqueness is presumably the caller's responsibility -- confirm
 * where the context is set up.
 */
static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t len)
{
    EVP_CAMELLIA_KEY *key_data = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
    unsigned int block_offset = EVP_CIPHER_CTX_num(ctx);
    unsigned char *counter_block = EVP_CIPHER_CTX_iv_noconst(ctx);
    unsigned char *scratch_block = EVP_CIPHER_CTX_buf_noconst(ctx);

    if (!key_data->stream.ctr) {
        /* No counter-mode callback available: use the per-block function. */
        CRYPTO_ctr128_encrypt(in, out, len, &key_data->ks,
                              counter_block, scratch_block, &block_offset,
                              key_data->block);
    } else {
        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &key_data->ks,
                                    counter_block, scratch_block,
                                    &block_offset, key_data->stream.ctr);
    }

    /* Save the offset so a later call continues the same keystream. */
    EVP_CIPHER_CTX_set_num(ctx, block_offset);
    return 1;
}
// Applies the AES-CTR keystream for one AEAD operation: transforms |len|
// bytes from |in| into |out| under the key schedule in |aes_ctx|.
//
// The initial counter block is |nonce|
// (EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN bytes) followed by four zero
// bytes. |CRYPTO_ctr128_encrypt_ctr32| is used when |aes_ctx->ctr| is set,
// otherwise |CRYPTO_ctr128_encrypt| with |aes_ctx->block|.
//
// NOTE(review): only the four bytes after the nonce are zeroed, so this
// assumes the nonce length plus 4 equals AES_BLOCK_SIZE -- confirm against
// the constant's definition.
// NOTE(review): nothing here limits |len| relative to the counter bytes
// zeroed above, and nonce uniqueness per key is not checked in this
// function; both are presumably enforced by the caller -- verify.
static void aead_aes_ctr_hmac_sha256_crypt(
    const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx, uint8_t *out,
    const uint8_t *in, size_t len, const uint8_t *nonce) {
  // Counter block: nonce first, then a zeroed four-byte tail.
  uint8_t counter[AES_BLOCK_SIZE];
  OPENSSL_memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN);
  OPENSSL_memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4);

  // The operation is one-shot, so leftover keystream is never reused; the
  // scratch block and offset exist only because the CTR routines take them.
  uint8_t keystream_scratch[AES_BLOCK_SIZE];
  unsigned scratch_offset = 0;
  OPENSSL_memset(keystream_scratch, 0, sizeof(keystream_scratch));

  if (!aes_ctx->ctr) {
    CRYPTO_ctr128_encrypt(in, out, len, &aes_ctx->ks.ks, counter,
                          keystream_scratch, &scratch_offset, aes_ctx->block);
  } else {
    CRYPTO_ctr128_encrypt_ctr32(in, out, len, &aes_ctx->ks.ks, counter,
                                keystream_scratch, &scratch_offset,
                                aes_ctx->ctr);
  }
}