aes128-ctr aes192-ctr aes256-ctr for libgcrypt

2010-02-09 22:24:04 +01:00 · 2010-02-09 22:24:04 +01:00 · fdfd12716e
--- a/libssh/kex.c
+++ b/libssh/kex.c
@ -44,7 +44,7 @@

 #ifdef HAVE_LIBGCRYPT
 #define BLOWFISH "blowfish-cbc,"
-#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
+#define AES "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
 #define DES "3des-cbc"
 #elif defined HAVE_LIBCRYPTO
 #ifdef HAVE_OPENSSL_BLOWFISH_H
--- a/libssh/wrapper.c
+++ b/libssh/wrapper.c
@ -157,29 +157,31 @@ static void blowfish_decrypt(struct crypto_struct *cipher, void *in,
 }

 static int aes_set_key(struct crypto_struct *cipher, void *key, void *IV) {
+  int mode=GCRY_CIPHER_MODE_CBC;
  if (cipher->key == NULL) {
    if (alloc_key(cipher) < 0) {
      return -1;
    }
-
+    if(strstr(cipher->name,"-ctr"))
+      mode=GCRY_CIPHER_MODE_CTR;
    switch (cipher->keysize) {
      case 128:
        if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES128,
-              GCRY_CIPHER_MODE_CBC, 0)) {
+              mode, 0)) {
          SAFE_FREE(cipher->key);
          return -1;
        }
        break;
      case 192:
        if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES192,
-              GCRY_CIPHER_MODE_CBC, 0)) {
+              mode, 0)) {
          SAFE_FREE(cipher->key);
          return -1;
        }
        break;
      case 256:
        if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES256,
-              GCRY_CIPHER_MODE_CBC, 0)) {
+              mode, 0)) {
          SAFE_FREE(cipher->key);
          return -1;
        }
@ -189,10 +191,18 @@ static int aes_set_key(struct crypto_struct *cipher, void *key, void *IV) {
      SAFE_FREE(cipher->key);
      return -1;
    }
+    if(mode == GCRY_CIPHER_MODE_CBC){
      if (gcry_cipher_setiv(cipher->key[0], IV, 16)) {
+
        SAFE_FREE(cipher->key);
        return -1;
      }
+    } else {
+      if(gcry_cipher_setctr(cipher->key[0],IV,16)){
+        SAFE_FREE(cipher->key);
+        return -1;
+      }
+    }
  }

  return 0;
@ -319,6 +329,39 @@ static struct crypto_struct ssh_ciphertab[] = {
    .cbc_encrypt     = blowfish_encrypt,
    .cbc_decrypt     = blowfish_decrypt
  },
+  {
+    .name            = "aes128-ctr",
+    .blocksize       = 16,
+    .keylen          = sizeof(gcry_cipher_hd_t),
+    .key             = NULL,
+    .keysize         = 128,
+    .set_encrypt_key = aes_set_key,
+    .set_decrypt_key = aes_set_key,
+    .cbc_encrypt     = aes_encrypt,
+    .cbc_decrypt     = aes_encrypt
+  },
+  {
+      .name            = "aes192-ctr",
+      .blocksize       = 16,
+      .keylen          = sizeof(gcry_cipher_hd_t),
+      .key             = NULL,
+      .keysize         = 192,
+      .set_encrypt_key = aes_set_key,
+      .set_decrypt_key = aes_set_key,
+      .cbc_encrypt     = aes_encrypt,
+      .cbc_decrypt     = aes_encrypt
+  },
+  {
+      .name            = "aes256-ctr",
+      .blocksize       = 16,
+      .keylen          = sizeof(gcry_cipher_hd_t),
+      .key             = NULL,
+      .keysize         = 256,
+      .set_encrypt_key = aes_set_key,
+      .set_decrypt_key = aes_set_key,
+      .cbc_encrypt     = aes_encrypt,
+      .cbc_decrypt     = aes_encrypt
+  },
  {
    .name            = "aes128-cbc",
    .blocksize       = 16,