|
DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
|
AES-256-CTR stream cipher context and API. More...
#include <stddef.h>#include <stdint.h>#include <mbedtls/aes.h>Go to the source code of this file.
Classes | |
| struct | SshAesCtrCtx |
Functions | |
| void | ssh_aes256ctr_init (SshAesCtrCtx *ctx, const uint8_t key[32], const uint8_t iv[16]) |
| Initialize an AES-256-CTR context. | |
| void | ssh_aes256ctr_crypt (SshAesCtrCtx *ctx, const uint8_t *in, uint8_t *out, size_t len) |
Encrypt or decrypt len bytes in-place (or src→dst). | |
| void | ssh_aes256ctr_wipe (SshAesCtrCtx *ctx) |
| Zero the key schedule and all context fields. | |
AES-256-CTR stream cipher context and API.
AES-256-CTR is the mandatory cipher for this SSH implementation (aes256-ctr, RFC 4344 §4). CTR mode turns AES into a stream cipher: each 16-byte counter block is encrypted with AES-ECB to produce a keystream block, and data is XOR'd with the keystream. Encrypt and decrypt are identical operations.
COUNTER FORMAT (RFC 4344 §4) The 16-byte IV/counter block increments as a big-endian 128-bit integer after each 16 bytes of output. The initial IV is derived per RFC 4253 §7.2: IV = SHA256(K || H || 'A' || session_id) (C→S) IV = SHA256(K || H || 'B' || session_id) (S→C)
PLATFORM SELECTION ────────────────── On Arduino (ESP32) the struct embeds an actual mbedtls_aes_context so that mbedtls_aes_setkey_enc() / mbedtls_aes_crypt_ecb() are used for every AES block encryption. The ESP32 mbedtls port routes these calls to the hardware AES accelerator transparently. The compiler knows the true size of mbedtls_aes_context at compile time - no guessing, no overflow possible.
On native (x86 test builds) the struct stores a software-expanded 60-word AES-256 round key schedule (240 bytes) and a software AES block cipher is used. The software path exists only to allow host-side unit testing; it is never compiled into the production ESP32 firmware.
Definition in file ssh_aes256ctr.h.
| void ssh_aes256ctr_init | ( | SshAesCtrCtx * | ctx, |
| const uint8_t | key[32], | ||
| const uint8_t | iv[16] | ||
| ) |
Initialize an AES-256-CTR context.
Expands the key schedule (hardware on Arduino, software on native) and stores the initial counter/IV.
| ctx | Uninitialized context. |
| key | 32-byte AES-256 key (derived from KEX via RFC 4253 §7.2). |
| iv | 16-byte initial counter block (derived from KEX). |
Definition at line 24 of file ssh_aes256ctr.cpp.
References SshAesCtrCtx::_mbed, SshAesCtrCtx::counter, SshAesCtrCtx::keystream, and SshAesCtrCtx::pos.
Referenced by ssh_dh_derive_keys_sid().
| void ssh_aes256ctr_crypt | ( | SshAesCtrCtx * | ctx, |
| const uint8_t * | in, | ||
| uint8_t * | out, | ||
| size_t | len | ||
| ) |
Encrypt or decrypt len bytes in-place (or src→dst).
AES-CTR is symmetric: XOR with keystream is its own inverse. Calling this function for encryption and decryption is identical.
The counter advances by ceil(len/16) blocks. If in == out the operation is in-place (the only mode used by ssh_packet.cpp).
| ctx | Initialized AES-256-CTR context. |
| in | Input bytes. |
| out | Output bytes (may equal in for in-place). |
| len | Number of bytes to process. |
Definition at line 33 of file ssh_aes256ctr.cpp.
References SshAesCtrCtx::_mbed, SshAesCtrCtx::counter, SshAesCtrCtx::keystream, and SshAesCtrCtx::pos.
Referenced by ssh_pkt_recv(), and ssh_pkt_send().
| void ssh_aes256ctr_wipe | ( | SshAesCtrCtx * | ctx | ) |
Zero the key schedule and all context fields.
Call on disconnect. Uses a volatile wipe so the compiler cannot elide it. On Arduino also calls mbedtls_aes_free() to release any internal resources.
| ctx | Context to wipe. |
Definition at line 46 of file ssh_aes256ctr.cpp.
References SshAesCtrCtx::_mbed.