FelipeMdeO opened a new pull request, #19441:
URL: https://github.com/apache/nuttx/pull/19441

   ## Summary
   
   Add `CRYPTO_AES_CTR_SSH`, an AES-CTR encryption transform that uses the 
whole 16-byte IV as the initial counter block and increments it as a 128-bit 
big-endian integer (RFC 4344), with the first keystream block being `E(IV)`.
   
   The existing `CRYPTO_AES_CTR` is the RFC 3686 profile: the last 4 bytes of 
the key are a nonce, the IV is 8 bytes and only the low 32 bits of the counter 
block are incremented. That layout cannot represent SSH's 
`aes128-ctr`/`aes192-ctr`/`aes256-ctr`, which pass the key as-is (no embedded 
nonce) and treat the full 16-byte IV as the counter.
   
   This new transform provides the missing primitive so that a follow-up 
Dropbear port change can offload SSH AES-CTR to `/dev/crypto`.
   
   ## Impact
   
   - **Users**: none. No existing algorithm changes behavior; the new transform 
is only reachable by requesting `CRYPTO_AES_CTR_SSH`.
   - **Build**: one new algorithm id (`CRYPTO_ALGORITHM_MAX` bumped), one new 
`enc_xform` and case labels; no new files, no new config options.
   - **Security**: standard AES-CTR keystream, validated against OpenSSL below.
   
   ## Testing
   
   Tested on `sim:crypto`, whose software backend 
(`CRYPTO_CRYPTODEV_SOFTWARE_CRYPTO` + `CRYPTO_SW_AES`) routes the new 
transform, plus the `/dev/crypto` test suite (`TESTING_CRYPTO`).
   
   **1. Derive the expected ciphertext from a trusted implementation.** SSH 
AES-CTR is standard AES-CTR, so OpenSSL is used as the oracle for the test 
vectors (128/192/256-bit keys, plus a counter that carries across byte 
boundaries — IV ending in `...fffd`). Example for the 128-bit vector:
   
   ```console
   $ echo -n "Single block msg" > pt.bin
   $ openssl enc -aes-128-ctr \
       -K 2b7e151628aed2a6abf7158809cf4f3c \
       -iv f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -in pt.bin | xxd -p
   bfe5b114f4055cd29ebd751ecaf3d283
   ```
   
   **2. Drive the transform through `/dev/crypto`.** A companion test 
`apps/testing/drivers/crypto/aesctrssh.c` (enabled with 
`TESTING_CRYPTO_AES_CTR_SSH`) opens `/dev/crypto`, creates a 
`CRYPTO_AES_CTR_SSH` session (`CIOCGSESSION`), encrypts each vector with 
`CIOCCRYPT` and compares the output against the OpenSSL ciphertext from step 1.
   
   **3. Build and run.**
   
   ```console
   $ ./tools/configure.sh sim:crypto
   $ make
   $ ./nuttx
   nsh> aesctrssh
   OK test vector 0    # 128-bit, one block
   OK test vector 1    # 128-bit, counter carry + non-block-aligned length
   OK test vector 2    # 192-bit
   OK test vector 3    # 256-bit
   ```
   
   **4. Check for regressions.** On the same image the existing RFC 3686 
`aesctr`, `aesxts` and `hmac` tests still pass (this change only adds case 
labels and one transform; no existing case is modified):
   
   ```console
   nsh> aesctr
   OK test vector 0
   OK test vector 1
   OK test vector 2
   OK test vector 3
   OK test vector 4
   OK test vector 5
   OK test vector 6
   OK test vector 7
   OK test vector 8
   nsh> aesxts
   OK encrypt test vector 0
   OK decrypt test vector 0
   OK encrypt test vector 1
   OK decrypt test vector 1
   OK encrypt test vector 2
   OK decrypt test vector 2
   OK encrypt test vector 3
   OK decrypt test vector 3
   OK encrypt test vector 4
   OK decrypt test vector 4
   OK encrypt test vector 5
   OK decrypt test vector 5
   OK encrypt test vector 6
   OK decrypt test vector 6
   OK encrypt test vector 7
   OK decrypt test vector 7
   OK encrypt test vector 8
   OK decrypt test vector 8
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to