[thirdparty/hostap.git] / src / crypto / aes-wrap.c

/*
 * AES Key Wrap Algorithm (RFC3394)
 *
 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "aes.h"
#include "aes_wrap.h"

/**
 * aes_wrap - Wrap keys with AES Key Wrap Algorithm (RFC3394)
 * @kek: Key encryption key (KEK)
 * @kek_len: Length of KEK in octets
 * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
 * bytes
 * @plain: Plaintext key to be wrapped, n * 64 bits
 * @cipher: Wrapped key, (n + 1) * 64 bits
 * Returns: 0 on success, -1 on failure
 */
int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
{
	u8 *a, *r, b[AES_BLOCK_SIZE];
	int i, j;
	void *ctx;
	unsigned int t;

	a = cipher;
	r = cipher + 8;

	/* 1) Initialize variables. */
	os_memset(a, 0xa6, 8);
	os_memcpy(r, plain, 8 * n);

	ctx = aes_encrypt_init(kek, kek_len);
	if (ctx == NULL)
		return -1;

	/* 2) Calculate intermediate values.
	 * For j = 0 to 5
	 *     For i=1 to n
	 *         B = AES(K, A | R[i])
	 *         A = MSB(64, B) ^ t where t = (n*j)+i
	 *         R[i] = LSB(64, B)
	 */
	for (j = 0; j <= 5; j++) {
		r = cipher + 8;
		for (i = 1; i <= n; i++) {
			os_memcpy(b, a, 8);
			os_memcpy(b + 8, r, 8);
			aes_encrypt(ctx, b, b);
			os_memcpy(a, b, 8);
			t = n * j + i;
			a[7] ^= t;
			a[6] ^= t >> 8;
			a[5] ^= t >> 16;
			a[4] ^= t >> 24;
			os_memcpy(r, b + 8, 8);
			r += 8;
		}
	}
	aes_encrypt_deinit(ctx);

	/* 3) Output the results.
	 *
	 * These are already in @cipher due to the location of temporary
	 * variables.
	 */

	return 0;
}
Commit	Line	Data
4c9e03e0	1	/*
eefec1e4	2	* AES Key Wrap Algorithm (RFC3394)
4c9e03e0 JB	3	*
	4	* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
	5	*
0f3d578e JM	6	* This software may be distributed under the terms of the BSD license.
0f3d578e JM	7	* See README for more details.
4c9e03e0 JB	8	*/
	9
	10	#include "includes.h"
	11
	12	#include "common.h"
1ba787b9	13	#include "aes.h"
d2b88129	14	#include "aes_wrap.h"
4c9e03e0 JB	15
4c9e03e0 JB	16	/**
eefec1e4 JM	17	* aes_wrap - Wrap keys with AES Key Wrap Algorithm (RFC3394)
	18	* @kek: Key encryption key (KEK)
	19	* @kek_len: Length of KEK in octets
4c9e03e0 JB	20	* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
	21	* bytes
	22	* @plain: Plaintext key to be wrapped, n * 64 bits
	23	* @cipher: Wrapped key, (n + 1) * 64 bits
	24	* Returns: 0 on success, -1 on failure
	25	*/
eefec1e4	26	int aes_wrap(const u8 kek, size_t kek_len, int n, const u8 plain, u8 *cipher)
4c9e03e0	27	{
eefec1e4	28	u8 a, r, b[AES_BLOCK_SIZE];
4c9e03e0 JB	29	int i, j;
4c9e03e0 JB	30	void *ctx;
a256506d	31	unsigned int t;
4c9e03e0 JB	32
	33	a = cipher;
	34	r = cipher + 8;
	35
	36	/* 1) Initialize variables. */
	37	os_memset(a, 0xa6, 8);
	38	os_memcpy(r, plain, 8 * n);
	39
eefec1e4	40	ctx = aes_encrypt_init(kek, kek_len);
4c9e03e0 JB	41	if (ctx == NULL)
	42	return -1;
	43
	44	/* 2) Calculate intermediate values.
	45	* For j = 0 to 5
	46	* For i=1 to n
	47	* B = AES(K, A \| R[i])
	48	* A = MSB(64, B) ^ t where t = (n*j)+i
	49	* R[i] = LSB(64, B)
	50	*/
	51	for (j = 0; j <= 5; j++) {
	52	r = cipher + 8;
	53	for (i = 1; i <= n; i++) {
	54	os_memcpy(b, a, 8);
	55	os_memcpy(b + 8, r, 8);
	56	aes_encrypt(ctx, b, b);
	57	os_memcpy(a, b, 8);
a256506d JM	58	t = n * j + i;
	59	a[7] ^= t;
	60	a[6] ^= t >> 8;
	61	a[5] ^= t >> 16;
	62	a[4] ^= t >> 24;
4c9e03e0 JB	63	os_memcpy(r, b + 8, 8);
	64	r += 8;
	65	}
	66	}
	67	aes_encrypt_deinit(ctx);
	68
	69	/* 3) Output the results.
	70	*
	71	* These are already in @cipher due to the location of temporary
	72	* variables.
	73	*/
	74
	75	return 0;
	76	}