DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
ssh_aes256ctr.h File Reference

AES-256-CTR stream cipher context and API. More...

#include <stddef.h>
#include <stdint.h>
#include <mbedtls/aes.h>

Go to the source code of this file.

Classes

struct  SshAesCtrCtx
 

Functions

void ssh_aes256ctr_init (SshAesCtrCtx *ctx, const uint8_t key[32], const uint8_t iv[16])
 Initialize an AES-256-CTR context.
 
void ssh_aes256ctr_crypt (SshAesCtrCtx *ctx, const uint8_t *in, uint8_t *out, size_t len)
 Encrypt or decrypt len bytes in-place (or src→dst).
 
void ssh_aes256ctr_wipe (SshAesCtrCtx *ctx)
 Zero the key schedule and all context fields.
 

Detailed Description

AES-256-CTR stream cipher context and API.

AES-256-CTR is the mandatory cipher for this SSH implementation (aes256-ctr, RFC 4344 §4). CTR mode turns AES into a stream cipher: each 16-byte counter block is encrypted with AES-ECB to produce a keystream block, and data is XOR'd with the keystream. Encrypt and decrypt are identical operations.

COUNTER FORMAT (RFC 4344 §4) The 16-byte IV/counter block increments as a big-endian 128-bit integer after each 16 bytes of output. The initial IV is derived per RFC 4253 §7.2: IV = SHA256(K || H || 'A' || session_id) (C→S) IV = SHA256(K || H || 'B' || session_id) (S→C)

PLATFORM SELECTION ────────────────── On Arduino (ESP32) the struct embeds an actual mbedtls_aes_context so that mbedtls_aes_setkey_enc() / mbedtls_aes_crypt_ecb() are used for every AES block encryption. The ESP32 mbedtls port routes these calls to the hardware AES accelerator transparently. The compiler knows the true size of mbedtls_aes_context at compile time - no guessing, no overflow possible.

On native (x86 test builds) the struct stores a software-expanded 60-word AES-256 round key schedule (240 bytes) and a software AES block cipher is used. The software path exists only to allow host-side unit testing; it is never compiled into the production ESP32 firmware.

Author
Douglas Quigg (dstroy0)
Date
2026

Definition in file ssh_aes256ctr.h.

Function Documentation

◆ ssh_aes256ctr_init()

void ssh_aes256ctr_init ( SshAesCtrCtx ctx,
const uint8_t  key[32],
const uint8_t  iv[16] 
)

Initialize an AES-256-CTR context.

Expands the key schedule (hardware on Arduino, software on native) and stores the initial counter/IV.

Parameters
ctxUninitialized context.
key32-byte AES-256 key (derived from KEX via RFC 4253 §7.2).
iv16-byte initial counter block (derived from KEX).

Definition at line 24 of file ssh_aes256ctr.cpp.

References SshAesCtrCtx::_mbed, SshAesCtrCtx::counter, SshAesCtrCtx::keystream, and SshAesCtrCtx::pos.

Referenced by ssh_dh_derive_keys_sid().

◆ ssh_aes256ctr_crypt()

void ssh_aes256ctr_crypt ( SshAesCtrCtx ctx,
const uint8_t *  in,
uint8_t *  out,
size_t  len 
)

Encrypt or decrypt len bytes in-place (or src→dst).

AES-CTR is symmetric: XOR with keystream is its own inverse. Calling this function for encryption and decryption is identical.

The counter advances by ceil(len/16) blocks. If in == out the operation is in-place (the only mode used by ssh_packet.cpp).

Parameters
ctxInitialized AES-256-CTR context.
inInput bytes.
outOutput bytes (may equal in for in-place).
lenNumber of bytes to process.

Definition at line 33 of file ssh_aes256ctr.cpp.

References SshAesCtrCtx::_mbed, SshAesCtrCtx::counter, SshAesCtrCtx::keystream, and SshAesCtrCtx::pos.

Referenced by ssh_pkt_recv(), and ssh_pkt_send().

◆ ssh_aes256ctr_wipe()

void ssh_aes256ctr_wipe ( SshAesCtrCtx ctx)

Zero the key schedule and all context fields.

Call on disconnect. Uses a volatile wipe so the compiler cannot elide it. On Arduino also calls mbedtls_aes_free() to release any internal resources.

Parameters
ctxContext to wipe.

Definition at line 46 of file ssh_aes256ctr.cpp.

References SshAesCtrCtx::_mbed.