Please disregard the first patchset. Here's an updated set, with the
first two patches combined into one because that makes sense, and with
a fix for a bug that prevented the second patch from actually working correctly.
Oops.

Tested with OpenSSL and axTLS.


//Peter
From e1cfccd60cda0abef3c80327bc56f4e398b15186 Mon Sep 17 00:00:00 2001
From: Peter Stuge <pe...@stuge.se>
Date: Sun, 15 Apr 2018 01:54:43 +0200
Subject: [PATCH v2 1/2] src/crypt.c: Make all AES variants optional for crypto
 backends

This allows limited backends to only implement some AES variants.
---
 src/crypt.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c
index 4beb0aa..9df9e36 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -117,7 +117,7 @@ crypt_dtor(LIBSSH2_SESSION * session, void **abstract)
     return 0;
 }
 
-#if LIBSSH2_AES_CTR
+#ifdef _libssh2_cipher_aes128ctr
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = {
     "aes128-ctr",
     "",
@@ -130,7 +130,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = {
     &crypt_dtor,
     _libssh2_cipher_aes128ctr
 };
+#endif
 
+#ifdef _libssh2_cipher_aes192ctr
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = {
     "aes192-ctr",
     "",
@@ -143,7 +145,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = {
     &crypt_dtor,
     _libssh2_cipher_aes192ctr
 };
+#endif
 
+#ifdef _libssh2_cipher_aes256ctr
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = {
     "aes256-ctr",
     "",
@@ -158,7 +162,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = {
 };
 #endif
 
-#if LIBSSH2_AES
+#ifdef _libssh2_cipher_aes128
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
     "aes128-cbc",
     "DEK-Info: AES-128-CBC",
@@ -171,7 +175,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
     &crypt_dtor,
     _libssh2_cipher_aes128
 };
+#endif
 
+#ifdef _libssh2_cipher_aes192
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = {
     "aes192-cbc",
     "DEK-Info: AES-192-CBC",
@@ -184,7 +190,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = {
     &crypt_dtor,
     _libssh2_cipher_aes192
 };
+#endif
 
+#ifdef _libssh2_cipher_aes256
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_cbc = {
     "aes256-cbc",
     "DEK-Info: AES-256-CBC",
@@ -212,7 +220,7 @@ static const LIBSSH2_CRYPT_METHOD
     &crypt_dtor,
     _libssh2_cipher_aes256
 };
-#endif /* LIBSSH2_AES */
+#endif
 
 #if LIBSSH2_BLOWFISH
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = {
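Review bot: The bare `#endif` that replaces `#endif /* LIBSSH2_AES */` closes a guard opened well above it, and judging by the method array it appears to span two definitions (aes256-cbc and the rijndael alias), so a label is worth keeping: `#endif /* _libssh2_cipher_aes256 */`. The short single-struct guards added in the earlier hunks read fine without one. The struct that ends just above this line starts outside the hunk.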
@@ -311,17 +319,25 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 #endif
 
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
-#if LIBSSH2_AES_CTR
+#ifdef _libssh2_cipher_aes128ctr
   &libssh2_crypt_method_aes128_ctr,
+#endif
+#ifdef _libssh2_cipher_aes192ctr
   &libssh2_crypt_method_aes192_ctr,
+#endif
+#ifdef _libssh2_cipher_aes256ctr
   &libssh2_crypt_method_aes256_ctr,
-#endif /* LIBSSH2_AES */
-#if LIBSSH2_AES
+#endif
+#ifdef _libssh2_cipher_aes256
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
+#endif
+#ifdef _libssh2_cipher_aes192
     &libssh2_crypt_method_aes192_cbc,
+#endif
+#ifdef _libssh2_cipher_aes128
     &libssh2_crypt_method_aes128_cbc,
-#endif /* LIBSSH2_AES */
+#endif
 #if LIBSSH2_BLOWFISH
     &libssh2_crypt_method_blowfish_cbc,
 #endif /* LIBSSH2_BLOWFISH */
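Review bot: Every AES entry here, like every definition guarded in the earlier hunks of this patch, is now compiled in purely on whether the backend header `#define`s the matching `_libssh2_cipher_*` name, and `LIBSSH2_AES` / `LIBSSH2_AES_CTR` no longer affect this file. Two things should be checked in the backend headers, which are not visible here. A backend that sets one of those switches to 0 but still defines the macros would now offer ciphers it meant to disable. A backend that supplies a name as a function or variable rather than a macro would silently drop that cipher from the list, with no diagnostic. If the switches are meant to stay authoritative, keep them in the condition, e.g. `#if LIBSSH2_AES_CTR && defined(_libssh2_cipher_aes128ctr)`; otherwise state the new contract in a comment above the first guard, such as `/* a backend enables an AES variant by #defining _libssh2_cipher_aesNNN[ctr] as a macro */`. The array continues past the end of this hunk.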
-- 
From d3389c4c31a98a8c9b6ca7c3fa47074f4bf2a855 Mon Sep 17 00:00:00 2001
From: Peter Stuge <pe...@stuge.se>
Date: Sun, 15 Apr 2018 01:57:21 +0200
Subject: [PATCH v2 2/2] src/crypt.c: Make AES algorithm list
 aes{256,192,128}-{ctr,cbc}

The new order prefers larger keys and CTR over CBC for each key size:

aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc

The order of the algorithm list determines the default KEX message.

The default KEX message can, as before, be overridden using:

libssh2_session_method_pref(..., LIBSSH2_METHOD_CRYPT_{CS,SC}, ...)
---
 src/crypt.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c
index 9df9e36..eef5e59 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -319,12 +319,6 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 #endif
 
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
-#ifdef _libssh2_cipher_aes128ctr
-  &libssh2_crypt_method_aes128_ctr,
-#endif
-#ifdef _libssh2_cipher_aes192ctr
-  &libssh2_crypt_method_aes192_ctr,
-#endif
 #ifdef _libssh2_cipher_aes256ctr
   &libssh2_crypt_method_aes256_ctr,
 #endif
@@ -332,9 +326,15 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
 #endif
+#ifdef _libssh2_cipher_aes192ctr
+  &libssh2_crypt_method_aes192_ctr,
+#endif
 #ifdef _libssh2_cipher_aes192
     &libssh2_crypt_method_aes192_cbc,
 #endif
+#ifdef _libssh2_cipher_aes128ctr
+  &libssh2_crypt_method_aes128_ctr,
+#endif
 #ifdef _libssh2_cipher_aes128
     &libssh2_crypt_method_aes128_cbc,
 #endif
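Review bot: Ranking key size above mode puts `aes256-cbc` (and its rijndael alias) ahead of `aes192-ctr` and `aes128-ctr` in the default proposal, so whenever this list decides the choice and the peer offers aes256-cbc plus only a smaller CTR cipher, the session ends up on CBC. SSH's CBC construction has a known plaintext-recovery weakness that the CTR modes avoid, which is why mode is usually the first sort key. Consider listing every CTR entry before any CBC entry, giving `aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc`. A comment at the head of `_libssh2_crypt_methods[]` such as `/* order is the default preference order advertised during key exchange */` would also help. The array starts in the previous hunk and continues past this one.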
-- 