[or-cvs] Add AES counter-mode support to the crypt library

[nickm@seul.org (Nick Mathewson)]

Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv3709/src/common

Modified Files:
	Makefile.am crypto.c crypto.h 
Log Message:
Add AES counter-mode support to the crypt library

Index: Makefile.am
===================================================================
RCS file: /home/or/cvsroot/src/common/Makefile.am,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- Makefile.am	18 Jun 2003 07:42:13 -0000	1.12
+++ Makefile.am	30 Jun 2003 19:18:32 -0000	1.13
@@ -3,7 +3,7 @@
 
 #CFLAGS  = -Wall -Wpointer-arith -O2
 
-libor_a_SOURCES = log.c crypto.c fakepoll.c util.c
+libor_a_SOURCES = log.c crypto.c fakepoll.c util.c aes.c
 
-noinst_HEADERS = log.h crypto.h fakepoll.h test.h util.h
+noinst_HEADERS = log.h crypto.h fakepoll.h test.h util.h aes.h
 

Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- crypto.c	24 Jun 2003 21:34:19 -0000	1.26
+++ crypto.c	30 Jun 2003 19:18:32 -0000	1.27
@@ -20,6 +20,7 @@
 #include "crypto.h"
 #include "../or/or.h"
 #include "log.h"
+#include "aes.h"
 
 #if OPENSSL_VERSION_NUMBER < 0x00905000l
 #error "We require openssl >= 0.9.5"
@@ -55,6 +56,7 @@
     case CRYPTO_CIPHER_DES: return 8;
     case CRYPTO_CIPHER_RC4: return 16;
     case CRYPTO_CIPHER_3DES: return 8;
+    case CRYPTO_CIPHER_AES_CTR: return 0;
     default: assert(0); return -1;
     }
 }
@@ -71,6 +73,7 @@
     case CRYPTO_CIPHER_DES: return 8;
     case CRYPTO_CIPHER_RC4: return 16;
     case CRYPTO_CIPHER_3DES: return 16;
+    case CRYPTO_CIPHER_AES_CTR: return 16;
     default: assert(0); return -1;
     }
 }
@@ -205,7 +208,9 @@
   iv_len = crypto_cipher_iv_length(type);
   key_len = crypto_cipher_key_length(type);
   
-  if (! crypto_cipher_evp_cipher(type,0))
+  if (type == CRYPTO_CIPHER_AES_CTR) {
+    env->aux = (unsigned char *)aes_new_cipher();
+  } else if (! crypto_cipher_evp_cipher(type,0)) 
     /* This is not an openssl cipher */
     goto err;
   else {
@@ -236,7 +241,11 @@
 {
   assert(env);
 
-  if (crypto_cipher_evp_cipher(env->type,0)) {
+  if (env->type == CRYPTO_CIPHER_AES_CTR) {
+    assert(env->aux);
+    aes_free_cipher((aes_cnt_cipher_t*)env->aux);
+    env->aux = NULL;
+  } else if (crypto_cipher_evp_cipher(env->type,0)) {
     /* This is an openssl cipher */
     assert(env->aux);
     EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
@@ -618,6 +627,9 @@
     RETURN_SSL_OUTCOME(EVP_EncryptInit((EVP_CIPHER_CTX *)env->aux,
                                        crypto_cipher_evp_cipher(env->type, 1),
                                        env->key, env->iv));
+  } else if (env->type == CRYPTO_CIPHER_AES_CTR) {
+    aes_set_key((aes_cnt_cipher_t*)env->aux, env->key, 128);
+    return 0;
   } else {
     return -1;
   }
@@ -631,6 +643,9 @@
     RETURN_SSL_OUTCOME(EVP_EncryptInit((EVP_CIPHER_CTX *)env->aux,
                                        crypto_cipher_evp_cipher(env->type, 0),
                                        env->key, env->iv));
+  } else if (env->type == CRYPTO_CIPHER_AES_CTR) {
+    aes_set_key((aes_cnt_cipher_t*)env->aux, env->key, 128);
+    return 0;
   } else {
     return -1;
   }
@@ -642,7 +657,12 @@
   
   assert(env && from && to);
   
-  RETURN_SSL_OUTCOME(EVP_EncryptUpdate((EVP_CIPHER_CTX *)env->aux, to, &tolen, from, fromlen));
+  if (env->type == CRYPTO_CIPHER_AES_CTR) {
+    aes_crypt((aes_cnt_cipher_t*)env->aux, from, fromlen, to);
+    return 0;
+  } else {
+    RETURN_SSL_OUTCOME(EVP_EncryptUpdate((EVP_CIPHER_CTX *)env->aux, to, &tolen, from, fromlen));
+  }
 }
 
 int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to)
@@ -650,9 +670,26 @@
   int tolen;
   
   assert(env && from && to);
-  
-  RETURN_SSL_OUTCOME(EVP_DecryptUpdate((EVP_CIPHER_CTX *)env->aux, to, &tolen, from, fromlen));
+
+  if (env->type == CRYPTO_CIPHER_AES_CTR) {
+    aes_crypt((aes_cnt_cipher_t*)env->aux, from, fromlen, to);
+    return 0;
+  } else {  
+    RETURN_SSL_OUTCOME(EVP_DecryptUpdate((EVP_CIPHER_CTX *)env->aux, to, &tolen, from, fromlen));
+  }
 }
+
+int
+crypto_cipher_advance(crypto_cipher_env_t *env, long delta)
+{
+  if (env->type == CRYPTO_CIPHER_AES_CTR) {
+    aes_adjust_counter((aes_cnt_cipher_t*)env->aux, delta);
+    return 0;
+  } else {  
+    return -1;
+  }
+}
+
 
 /* SHA-1 */
 int crypto_SHA_digest(unsigned char *m, int len, unsigned char *digest)

Index: crypto.h
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.h,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- crypto.h	13 Jun 2003 21:13:37 -0000	1.12
+++ crypto.h	30 Jun 2003 19:18:32 -0000	1.13
@@ -13,6 +13,7 @@
 #define CRYPTO_CIPHER_DES 1
 #define CRYPTO_CIPHER_RC4 2
 #define CRYPTO_CIPHER_3DES 3
+#define CRYPTO_CIPHER_AES_CTR 4
 
 #define CRYPTO_PK_RSA 0
 
@@ -92,6 +93,9 @@
 
 int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
 int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
+
+/* only implemented for CRYPTO_CIPHER_AES_CTR */
+int crypto_cipher_advance(crypto_cipher_env_t *env, long delta);
 
 /* convenience function: wraps crypto_create_crypto_env, set_key, set_iv, and init. */
 crypto_cipher_env_t *crypto_create_init_cipher(int cipher_type, char *key, char *iv, int encrypt_mode);