]>
Commit | Line | Data |
---|---|---|
4c9e03e0 | 1 | /* |
eefec1e4 | 2 | * AES Key Wrap Algorithm (RFC3394) |
4c9e03e0 JB |
3 | * |
4 | * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> | |
5 | * | |
0f3d578e JM |
6 | * This software may be distributed under the terms of the BSD license. |
7 | * See README for more details. | |
4c9e03e0 JB |
8 | */ |
9 | ||
10 | #include "includes.h" | |
11 | ||
12 | #include "common.h" | |
1ba787b9 | 13 | #include "aes.h" |
d2b88129 | 14 | #include "aes_wrap.h" |
4c9e03e0 JB |
15 | |
16 | /** | |
eefec1e4 JM |
17 | * aes_wrap - Wrap keys with AES Key Wrap Algorithm (RFC3394) |
18 | * @kek: Key encryption key (KEK) | |
19 | * @kek_len: Length of KEK in octets | |
4c9e03e0 JB |
20 | * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16 |
21 | * bytes | |
22 | * @plain: Plaintext key to be wrapped, n * 64 bits | |
23 | * @cipher: Wrapped key, (n + 1) * 64 bits | |
24 | * Returns: 0 on success, -1 on failure | |
25 | */ | |
eefec1e4 | 26 | int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) |
4c9e03e0 | 27 | { |
eefec1e4 | 28 | u8 *a, *r, b[AES_BLOCK_SIZE]; |
4c9e03e0 JB |
29 | int i, j; |
30 | void *ctx; | |
a256506d | 31 | unsigned int t; |
4c9e03e0 JB |
32 | |
33 | a = cipher; | |
34 | r = cipher + 8; | |
35 | ||
36 | /* 1) Initialize variables. */ | |
37 | os_memset(a, 0xa6, 8); | |
38 | os_memcpy(r, plain, 8 * n); | |
39 | ||
eefec1e4 | 40 | ctx = aes_encrypt_init(kek, kek_len); |
4c9e03e0 JB |
41 | if (ctx == NULL) |
42 | return -1; | |
43 | ||
44 | /* 2) Calculate intermediate values. | |
45 | * For j = 0 to 5 | |
46 | * For i=1 to n | |
47 | * B = AES(K, A | R[i]) | |
48 | * A = MSB(64, B) ^ t where t = (n*j)+i | |
49 | * R[i] = LSB(64, B) | |
50 | */ | |
51 | for (j = 0; j <= 5; j++) { | |
52 | r = cipher + 8; | |
53 | for (i = 1; i <= n; i++) { | |
54 | os_memcpy(b, a, 8); | |
55 | os_memcpy(b + 8, r, 8); | |
56 | aes_encrypt(ctx, b, b); | |
57 | os_memcpy(a, b, 8); | |
a256506d JM |
58 | t = n * j + i; |
59 | a[7] ^= t; | |
60 | a[6] ^= t >> 8; | |
61 | a[5] ^= t >> 16; | |
62 | a[4] ^= t >> 24; | |
4c9e03e0 JB |
63 | os_memcpy(r, b + 8, 8); |
64 | r += 8; | |
65 | } | |
66 | } | |
67 | aes_encrypt_deinit(ctx); | |
68 | ||
69 | /* 3) Output the results. | |
70 | * | |
71 | * These are already in @cipher due to the location of temporary | |
72 | * variables. | |
73 | */ | |
74 | ||
75 | return 0; | |
76 | } |