
PuTTY snapshot dfdb73e1 (Complete rewrite of the AES code - 2019-01-13)

Source commit: c51d2ef5627a771a2fdbaf407fe324cb5db19561
Martin Prikryl 6 years ago
parent
commit
08060324d0
4 changed files with 1115 additions and 1137 deletions
  1. 19 26
      source/putty/import.c
  2. 23 0
      source/putty/mpint_i.h
  3. 9 17
      source/putty/ssh.h
  4. 1064 1094
      source/putty/sshaes.c

+ 19 - 26
source/putty/import.c

@@ -547,13 +547,11 @@ static ssh2_userkey *openssh_pem_read(
             des3_decrypt_pubkey_ossh(keybuf, key->iv,
                                      key->keyblob->u, key->keyblob->len);
         else {
-            AESContext *ctx;
-            assert(key->encryption == OP_E_AES);
-            ctx = aes_make_context();
-            aes128_key(ctx, keybuf);
-            aes_iv(ctx, key->iv);
-            aes_ssh2_decrypt_blk(ctx, key->keyblob->u, key->keyblob->len);
-            aes_free_context(ctx);
+            ssh2_cipher *cipher = ssh2_cipher_new(&ssh_aes128_cbc);
+            ssh2_cipher_setkey(cipher, keybuf);
+            ssh2_cipher_setiv(cipher, key->iv);
+            ssh2_cipher_decrypt(cipher, key->keyblob->u, key->keyblob->len);
+            ssh2_cipher_free(cipher);
         }
 
         smemclr(&md5c, sizeof(md5c));
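Review bot: The `else` branch no longer checks which cipher it is decrypting for. The removed `assert(key->encryption == OP_E_AES);` was the only statement in this branch tying it to AES, and the new code hard-wires `&ssh_aes128_cbc`. If another `encryption` value is ever added to the parser, the key blob would be run through AES-128-CBC instead of stopping. I would keep `assert(key->encryption == OP_E_AES);` as the first line of the branch, ahead of `ssh2_cipher_new`. The body of openssh_pem_read starts and ends outside this hunk, so an earlier check on `key->encryption` may exist that is not visible here.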
@@ -1390,20 +1388,16 @@ static ssh2_userkey *openssh_new_read(
                 goto error;
             }
             {
-                void *ctx = aes_make_context();
-                aes256_key(ctx, keybuf);
-                aes_iv(ctx, keybuf + 32);
+                ssh2_cipher *cipher = ssh2_cipher_new(
+                    key->cipher == ON_E_AES256CBC ?
+                    &ssh_aes256_cbc : &ssh_aes256_sdctr);
+                ssh2_cipher_setkey(cipher, keybuf);
+                ssh2_cipher_setiv(cipher, keybuf + 32);
                 /* Decrypt the private section in place, casting away
                  * the const from key->private being a ptrlen */
-                if (key->cipher == ON_E_AES256CBC) {
-                    aes_ssh2_decrypt_blk(ctx, (char *)key->private.ptr,
-                                         key->private.len);
-                }
-                else {
-                    aes_ssh2_sdctr(ctx, (char *)key->private.ptr,
-                                   key->private.len);
-                }
-                aes_free_context(ctx);
+                ssh2_cipher_decrypt(cipher, (char *)key->private.ptr,
+                                    key->private.len);
+                ssh2_cipher_free(cipher);
             }
             break;
           default:
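Review bot: The ternary passed to `ssh2_cipher_new` maps every `key->cipher` value other than `ON_E_AES256CBC` to `&ssh_aes256_sdctr`, and nothing in the block states which values can reach it. The `case` labels sit above the hunk, so presumably only the CBC and CTR enumerators arrive here, but a reader of this block cannot confirm that. A short comment above the call would pin it down: `/* Only the AES-256 CBC and CTR cases reach this block; anything not CBC is SDCTR. */`. It would also help to note at `ssh2_cipher_setiv` that `keybuf` holds the 32-byte key followed by the 16-byte IV, as the comment in openssh_new_write already does.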
@@ -1594,18 +1588,17 @@ static bool openssh_new_write(
              * material: 32 bytes AES key + 16 bytes iv.
              */
             unsigned char keybuf[48];
-            void *ctx;
+            ssh2_cipher *cipher;
 
             openssh_bcrypt(passphrase,
                            bcrypt_salt, sizeof(bcrypt_salt), bcrypt_rounds,
                            keybuf, sizeof(keybuf));
 
-            ctx = aes_make_context();
-            aes256_key(ctx, keybuf);
-            aes_iv(ctx, keybuf + 32);
-            aes_ssh2_sdctr(ctx, cpblob->u,
-                           cpblob->len);
-            aes_free_context(ctx);
+            cipher = ssh2_cipher_new(&ssh_aes256_sdctr);
+            ssh2_cipher_setkey(cipher, keybuf);
+            ssh2_cipher_setiv(cipher, keybuf + 32);
+            ssh2_cipher_encrypt(cipher, cpblob->u, cpblob->len);
+            ssh2_cipher_free(cipher);
 
             smemclr(keybuf, sizeof(keybuf));
         }
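Review bot: `smemclr(keybuf, sizeof(keybuf))` wipes the derived key bytes, but the copy held inside `cipher` is only as well protected as `ssh2_cipher_free` makes it. The rewritten sshaes.c is suppressed on this page, so whether the new free routine clears its expanded key schedule before releasing memory cannot be checked from here and is worth confirming. The same applies to the two read paths in openssh_pem_read and openssh_new_read. A comment at the call would record the expectation: `/* ssh2_cipher_free is relied on to wipe the key schedule; keybuf is cleared below */`.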

+ 23 - 0
source/putty/mpint_i.h

@@ -187,6 +187,29 @@
 #define BIGNUM_TOP_BIT (((BignumInt)1) << (BIGNUM_INT_BITS-1))
 #define BIGNUM_INT_MASK (BIGNUM_TOP_BIT | (BIGNUM_TOP_BIT-1))
 
+/*
+ * Just occasionally, we might need a GET_nnBIT_xSB_FIRST macro to
+ * operate on whatever BignumInt is.
+ */
+#if BIGNUM_INT_BITS_BITS == 4
+#define GET_BIGNUMINT_MSB_FIRST GET_16BIT_MSB_FIRST
+#define GET_BIGNUMINT_LSB_FIRST GET_16BIT_LSB_FIRST
+#define PUT_BIGNUMINT_MSB_FIRST PUT_16BIT_MSB_FIRST
+#define PUT_BIGNUMINT_LSB_FIRST PUT_16BIT_LSB_FIRST
+#elif BIGNUM_INT_BITS_BITS == 5
+#define GET_BIGNUMINT_MSB_FIRST GET_32BIT_MSB_FIRST
+#define GET_BIGNUMINT_LSB_FIRST GET_32BIT_LSB_FIRST
+#define PUT_BIGNUMINT_MSB_FIRST PUT_32BIT_MSB_FIRST
+#define PUT_BIGNUMINT_LSB_FIRST PUT_32BIT_LSB_FIRST
+#elif BIGNUM_INT_BITS_BITS == 6
+#define GET_BIGNUMINT_MSB_FIRST GET_64BIT_MSB_FIRST
+#define GET_BIGNUMINT_LSB_FIRST GET_64BIT_LSB_FIRST
+#define PUT_BIGNUMINT_MSB_FIRST PUT_64BIT_MSB_FIRST
+#define PUT_BIGNUMINT_LSB_FIRST PUT_64BIT_LSB_FIRST
+#else
+  #error Ran out of options for GET_BIGNUMINT_xSB_FIRST
+#endif
+
 /*
  * Common code across _most_ branches of the ifdef: define a set of
  * statement macros in terms of the BignumDblInt type provided. In
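Review bot: These aliases only expand correctly if `GET_16BIT_MSB_FIRST` through `PUT_64BIT_LSB_FIRST` are already defined wherever mpint_i.h is included, and the hunk neither includes nor names the header that provides them. A missing definition would surface only at the first use site, as an undeclared-identifier error that does not point back to this file. I would extend the new comment with one line: `* The underlying GET_/PUT_nnBIT_xSB_FIRST macros must be in scope before this header is included.` As a minor style point, the `#error` line is indented by two spaces, unlike the other directives in the block.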

+ 9 - 17
source/putty/ssh.h

@@ -676,6 +676,9 @@ struct ssh2_cipheralg {
     const char *text_name;
     /* If set, this takes priority over other MAC. */
     const ssh2_macalg *required_mac;
+
+    /* Pointer to any extra data used by a particular implementation. */
+    const void *extra;
 };
 
 #define ssh2_cipher_new(alg) ((alg)->new(alg))
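Review bot: The comment on `extra` does not say that the field may be NULL or who is allowed to interpret it, and as a `const void *` it carries no type information. Algorithm tables that do not mention the field would leave it zero-initialised (inferred, as the initialisers are not in this hunk). An implementation should therefore cast it only for algorithms it defined itself. Proposed wording: `/* Implementation-private data, NULL if unused. Only the functions in this alg's own vtable may cast it back to its real type. */`.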
@@ -856,12 +859,12 @@ extern const ssh2_cipheralg ssh_3des_ssh2_ctr;
 extern const ssh2_cipheralg ssh_3des_ssh2;
 extern const ssh2_cipheralg ssh_des_ssh2;
 extern const ssh2_cipheralg ssh_des_sshcom_ssh2;
-extern const ssh2_cipheralg ssh_aes256_ctr;
-extern const ssh2_cipheralg ssh_aes256;
-extern const ssh2_cipheralg ssh_aes192_ctr;
-extern const ssh2_cipheralg ssh_aes192;
-extern const ssh2_cipheralg ssh_aes128_ctr;
-extern const ssh2_cipheralg ssh_aes128;
+extern const ssh2_cipheralg ssh_aes256_sdctr;
+extern const ssh2_cipheralg ssh_aes256_cbc;
+extern const ssh2_cipheralg ssh_aes192_sdctr;
+extern const ssh2_cipheralg ssh_aes192_cbc;
+extern const ssh2_cipheralg ssh_aes128_sdctr;
+extern const ssh2_cipheralg ssh_aes128_cbc;
 extern const ssh2_cipheralg ssh_blowfish_ssh2_ctr;
 extern const ssh2_cipheralg ssh_blowfish_ssh2;
 extern const ssh2_cipheralg ssh_arcfour256_ssh2;
@@ -903,17 +906,6 @@ extern const ssh2_macalg ssh_hmac_sha256;
 extern const ssh2_macalg ssh2_poly1305;
 extern const ssh_compression_alg ssh_zlib;
 
-typedef struct AESContext AESContext;
-AESContext *aes_make_context(void);
-void aes_free_context(AESContext *ctx);
-void aes128_key(AESContext *ctx, const void *key);
-void aes192_key(AESContext *ctx, const void *key);
-void aes256_key(AESContext *ctx, const void *key);
-void aes_iv(AESContext *ctx, const void *iv);
-void aes_ssh2_encrypt_blk(AESContext *ctx, void *blk, int len);
-void aes_ssh2_decrypt_blk(AESContext *ctx, void *blk, int len);
-void aes_ssh2_sdctr(AESContext *ctx, void *blk, int len);
-
 /*
  * PuTTY version number formatted as an SSH version string. 
  */

File diff suppressed because it is too large
+ 1064 - 1094
source/putty/sshaes.c


Some files were not shown because too many files changed in this diff