]>
git.ipfire.org Git - thirdparty/nettle.git/blob - nist-keywrap.c
5 https://tools.ietf.org/html/rfc3394
7 Copyright (C) 2021 Nicolas Mora
10 This file is part of GNU Nettle.
12 GNU Nettle is free software: you can redistribute it and/or
13 modify it under the terms of either:
15 * the GNU Lesser General Public License as published by the Free
16 Software Foundation; either version 3 of the License, or (at your
17 option) any later version.
21 * the GNU General Public License as published by the Free
22 Software Foundation; either version 2 of the License, or (at your
23 option) any later version.
25 or both in parallel, as here.
27 GNU Nettle is distributed in the hope that it will be useful,
28 but WITHOUT ANY WARRANTY; without even the implied warranty of
29 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30 General Public License for more details.
32 You should have received copies of the GNU General Public License and
33 the GNU Lesser General Public License along with this program. If
34 not, see http://www.gnu.org/licenses/.
44 #include "nist-keywrap.h"
47 #include "bswap-internal.h"
50 nist_keywrap16 (const void *ctx
, nettle_cipher_func
*encrypt
,
51 const uint8_t *iv
, size_t ciphertext_length
,
52 uint8_t *ciphertext
, const uint8_t *cleartext
)
54 union nettle_block16 I
, B
;
55 union nettle_block8 A
;
57 uint8_t *R
= ciphertext
+ 8;
59 /* ciphertext_length must be at least 16
60 * and be divisible by 8 */
61 assert (ciphertext_length
>= 16);
62 assert (!(ciphertext_length
% 8));
64 n
= (ciphertext_length
- 8) / 8;
65 memcpy (R
, cleartext
, (ciphertext_length
- 8));
68 for (j
= 0; j
< 6; j
++)
70 for (i
= 0; i
< n
; i
++)
74 memcpy (I
.b
+ 8, R
+ (i
* 8), 8);
77 encrypt (ctx
, 16, B
.b
, I
.b
);
79 /* A = MSB(64, B) ^ t where t = (n*j)+i */
80 A
.u64
= B
.u64
[0] ^ bswap64_if_le ((n
* j
) + (i
+ 1));
82 /* R[i] = LSB(64, B) */
83 memcpy (R
+ (i
* 8), B
.b
+ 8, 8);
87 memcpy (ciphertext
, A
.b
, 8);
91 nist_keyunwrap16 (const void *ctx
, nettle_cipher_func
*decrypt
,
92 const uint8_t *iv
, size_t cleartext_length
,
93 uint8_t *cleartext
, const uint8_t *ciphertext
)
95 union nettle_block16 I
, B
;
96 union nettle_block8 A
;
99 uint8_t *R
= cleartext
;
101 /* cleartext_length must be at least 8
102 * and be divisible by 8 */
103 assert (cleartext_length
>= 8);
104 assert (!(cleartext_length
% 8));
106 n
= (cleartext_length
/ 8);
107 memcpy (A
.b
, ciphertext
, 8);
108 memcpy (R
, ciphertext
+ 8, cleartext_length
);
110 for (j
= 5; j
>= 0; j
--)
112 for (i
= n
- 1; i
>= 0; i
--)
114 /* B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i */
115 I
.u64
[0] = A
.u64
^ bswap64_if_le ((n
* j
) + (i
+ 1));
116 memcpy (I
.b
+ 8, R
+ (i
* 8), 8);
117 decrypt (ctx
, 16, B
.b
, I
.b
);
122 /* R[i] = LSB(64, B) */
123 memcpy (R
+ (i
* 8), B
.b
+ 8, 8);
127 return memeql_sec (A
.b
, iv
, 8);
131 aes128_keywrap (struct aes128_ctx
*ctx
,
132 const uint8_t *iv
, size_t ciphertext_length
,
133 uint8_t *ciphertext
, const uint8_t *cleartext
)
135 nist_keywrap16 (ctx
, (nettle_cipher_func
*) & aes128_encrypt
,
136 iv
, ciphertext_length
, ciphertext
, cleartext
);
140 aes192_keywrap (struct aes192_ctx
*ctx
,
141 const uint8_t *iv
, size_t ciphertext_length
,
142 uint8_t *ciphertext
, const uint8_t *cleartext
)
144 nist_keywrap16 (ctx
, (nettle_cipher_func
*) & aes192_encrypt
,
145 iv
, ciphertext_length
, ciphertext
, cleartext
);
149 aes256_keywrap (struct aes256_ctx
*ctx
,
150 const uint8_t *iv
, size_t ciphertext_length
,
151 uint8_t *ciphertext
, const uint8_t *cleartext
)
153 nist_keywrap16 (ctx
, (nettle_cipher_func
*) & aes256_encrypt
,
154 iv
, ciphertext_length
, ciphertext
, cleartext
);
158 aes128_keyunwrap (struct aes128_ctx
*ctx
,
159 const uint8_t *iv
, size_t cleartext_length
,
160 uint8_t *cleartext
, const uint8_t *ciphertext
)
162 return nist_keyunwrap16 (ctx
, (nettle_cipher_func
*) & aes128_decrypt
,
163 iv
, cleartext_length
, cleartext
, ciphertext
);
167 aes192_keyunwrap (struct aes192_ctx
*ctx
,
168 const uint8_t *iv
, size_t cleartext_length
,
169 uint8_t *cleartext
, const uint8_t *ciphertext
)
171 return nist_keyunwrap16 (ctx
, (nettle_cipher_func
*) & aes192_decrypt
,
172 iv
, cleartext_length
, cleartext
, ciphertext
);
176 aes256_keyunwrap (struct aes256_ctx
*ctx
,
177 const uint8_t *iv
, size_t cleartext_length
,
178 uint8_t *cleartext
, const uint8_t *ciphertext
)
180 return nist_keyunwrap16 (ctx
, (nettle_cipher_func
*) & aes256_decrypt
,
181 iv
, cleartext_length
, cleartext
, ciphertext
);