]>
git.ipfire.org Git - thirdparty/hostap.git/blob - src/crypto/aes-unwrap.c
2 * AES key unwrap (RFC3394)
4 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
17 * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (RFC3394)
18 * @kek: Key encryption key (KEK)
19 * @kek_len: Length of KEK in octets
20 * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
22 * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
23 * @plain: Plaintext key, n * 64 bits
24 * Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
26 int aes_unwrap(const u8
*kek
, size_t kek_len
, int n
, const u8
*cipher
,
29 u8 a
[8], *r
, b
[AES_BLOCK_SIZE
];
34 /* 1) Initialize variables. */
35 os_memcpy(a
, cipher
, 8);
37 os_memcpy(r
, cipher
+ 8, 8 * n
);
39 ctx
= aes_decrypt_init(kek
, kek_len
);
43 /* 2) Compute intermediate values.
46 * B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
50 for (j
= 5; j
>= 0; j
--) {
51 r
= plain
+ (n
- 1) * 8;
52 for (i
= n
; i
>= 1; i
--) {
60 os_memcpy(b
+ 8, r
, 8);
61 aes_decrypt(ctx
, b
, b
);
63 os_memcpy(r
, b
+ 8, 8);
67 aes_decrypt_deinit(ctx
);
71 * These are already in @plain due to the location of temporary
72 * variables. Just verify that the IV matches with the expected value.
74 for (i
= 0; i
< 8; i
++) {