23 #include "lib/crypt_ops/compat_openssl.h"
24 #include <openssl/opensslv.h>
27 #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
28 #error "We require OpenSSL >= 1.0.0"
31 DISABLE_GCC_WARNING(
"-Wredundant-decls")
35 #include <openssl/aes.h>
36 #include <openssl/evp.h>
37 #include <openssl/engine.h>
38 #include <openssl/modes.h>
40 ENABLE_GCC_WARNING(
"-Wredundant-decls")
42 #include "lib/log/log.h"
45 #ifdef OPENSSL_NO_ENGINE
47 #define DISABLE_ENGINES
60 #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
65 #define USE_EVP_AES_CTR
67 #elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) && \
68 (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
69 defined(__x86_64) || defined(__x86_64__) || \
70 defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))
72 #define USE_EVP_AES_CTR
95 #ifdef USE_EVP_AES_CTR
100 aes_new_cipher(
const uint8_t *key,
const uint8_t *iv,
int key_bits)
102 EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
103 const EVP_CIPHER *c = NULL;
105 case 128: c = EVP_aes_128_ctr();
break;
106 case 192: c = EVP_aes_192_ctr();
break;
107 case 256: c = EVP_aes_256_ctr();
break;
108 default: tor_assert_unreached();
110 EVP_EncryptInit(cipher, c, key, iv);
111 return (aes_cnt_cipher_t *) cipher;
114 aes_cipher_free_(aes_cnt_cipher_t *cipher_)
118 EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
119 #ifdef OPENSSL_1_1_API
120 EVP_CIPHER_CTX_reset(cipher);
122 EVP_CIPHER_CTX_cleanup(cipher);
124 EVP_CIPHER_CTX_free(cipher);
127 aes_crypt_inplace(aes_cnt_cipher_t *cipher_,
char *data,
size_t len)
130 EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
134 EVP_EncryptUpdate(cipher, (
unsigned char*)data,
135 &outl, (
unsigned char*)data, (
int)len);
138 evaluate_evp_for_aes(
int force_val)
141 log_info(
LD_CRYPTO,
"This version of OpenSSL has a known-good EVP "
142 "counter-mode implementation. Using it.");
146 evaluate_ctr_for_aes(
void)
156 struct aes_cnt_cipher_t {
163 #if !defined(WORDS_BIGENDIAN)
164 #define USING_COUNTER_VARS
193 static int should_use_EVP = 0;
199 evaluate_evp_for_aes(
int force_val)
203 if (force_val >= 0) {
204 should_use_EVP = force_val;
207 #ifdef DISABLE_ENGINES
210 e = ENGINE_get_cipher_engine(NID_aes_128_ecb);
213 log_info(
LD_CRYPTO,
"AES engine \"%s\" found; using EVP_* functions.",
217 log_info(
LD_CRYPTO,
"No AES engine found; using AES_* functions.");
233 evaluate_ctr_for_aes(
void)
239 static const unsigned char encrypt_zero[] =
240 "\x66\xe9\x4b\xd4\xef\x8a\x2c\x3b\x88\x4c\xfa\x59\xca\x34\x2b\x2e";
241 unsigned char zero[16];
242 unsigned char output[16];
243 unsigned char ivec[16];
244 unsigned char ivec_tmp[16];
247 memset(zero, 0,
sizeof(zero));
248 memset(ivec, 0,
sizeof(ivec));
249 AES_set_encrypt_key(zero, 128, &key);
255 AES_ctr128_encrypt(&zero[i], &output[i], 1, &key, ivec, ivec_tmp, &pos);
260 log_err(
LD_CRYPTO,
"This OpenSSL has a buggy version of counter mode; "
268 #if !defined(USING_COUNTER_VARS)
269 #define COUNTER(c, n) ((c)->ctr_buf.buf32[3-(n)])
271 #define COUNTER(c, n) ((c)->counter ## n)
274 static void aes_set_key(aes_cnt_cipher_t *cipher,
const uint8_t *key,
276 static void aes_set_iv(aes_cnt_cipher_t *cipher,
const uint8_t *iv);
283 aes_new_cipher(
const uint8_t *key,
const uint8_t *iv,
int bits)
285 aes_cnt_cipher_t* result = tor_malloc_zero(
sizeof(aes_cnt_cipher_t));
287 aes_set_key(result, key, bits);
288 aes_set_iv(result, iv);
298 aes_set_key(aes_cnt_cipher_t *cipher,
const uint8_t *key,
int key_bits)
300 if (should_use_EVP) {
301 const EVP_CIPHER *c = 0;
303 case 128: c = EVP_aes_128_ecb();
break;
304 case 192: c = EVP_aes_192_ecb();
break;
305 case 256: c = EVP_aes_256_ecb();
break;
308 EVP_EncryptInit(&cipher->key.evp, c, key, NULL);
309 cipher->using_evp = 1;
311 AES_set_encrypt_key(key, key_bits,&cipher->key.aes);
312 cipher->using_evp = 0;
315 #ifdef USING_COUNTER_VARS
316 cipher->counter0 = 0;
317 cipher->counter1 = 0;
318 cipher->counter2 = 0;
319 cipher->counter3 = 0;
322 memset(cipher->ctr_buf.buf, 0,
sizeof(cipher->ctr_buf.buf));
326 memset(cipher->buf, 0,
sizeof(cipher->buf));
332 aes_cipher_free_(aes_cnt_cipher_t *cipher)
336 if (cipher->using_evp) {
337 EVP_CIPHER_CTX_cleanup(&cipher->key.evp);
339 memwipe(cipher, 0,
sizeof(aes_cnt_cipher_t));
343 #if defined(USING_COUNTER_VARS)
344 #define UPDATE_CTR_BUF(c, n) STMT_BEGIN \
345 (c)->ctr_buf.buf32[3-(n)] = htonl((c)->counter ## n); \
348 #define UPDATE_CTR_BUF(c, n)
353 evp_block128_fn(
const uint8_t in[16],
357 EVP_CIPHER_CTX *ctx = (
void*)key;
359 EVP_EncryptUpdate(ctx, out, &outl, in, inl);
367 aes_crypt_inplace(aes_cnt_cipher_t *cipher,
char *data,
size_t len)
371 if (cipher->using_evp) {
375 CRYPTO_ctr128_encrypt((
const unsigned char *)data,
376 (
unsigned char *)data,
384 AES_ctr128_encrypt((
const unsigned char *)data,
385 (
unsigned char *)data,
397 aes_set_iv(aes_cnt_cipher_t *cipher,
const uint8_t *iv)
399 #ifdef USING_COUNTER_VARS
406 memcpy(cipher->ctr_buf.buf, iv, 16);
Inline functions for reading and writing multibyte values from the middle of strings,...
static uint32_t tor_ntohl(uint32_t a)
static uint32_t get_uint32(const void *cp)
Headers for crypto_openssl_mgt.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
#define fast_memneq(a, b, c)
Macros to manage assertions, fatal and non-fatal.