src/crypto/aes-wrap.c

   1 /*
   2  * AES Key Wrap Algorithm (RFC3394)
   3  *
   4  * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
   5  *
   6  * This software may be distributed under the terms of the BSD license.
   7  * See README for more details.
   8  */
   9
  10 #include "includes.h"
  11
  12 #include "common.h"
  13 #include "aes.h"
  14 #include "aes_wrap.h"
  15
  16 /**
  17  * aes_wrap - Wrap keys with AES Key Wrap Algorithm (RFC3394)
  18  * @kek: Key encryption key (KEK)
  19  * @kek_len: Length of KEK in octets
  20  * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
  21  * bytes
  22  * @plain: Plaintext key to be wrapped, n * 64 bits
  23  * @cipher: Wrapped key, (n + 1) * 64 bits
  24  * Returns: 0 on success, -1 on failure
  25  */
  26 int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
  27 {
  28         u8 *a, *r, b[AES_BLOCK_SIZE];
  29         int i, j;
  30         void *ctx;
  31         unsigned int t;
  32
  33         a = cipher;
  34         r = cipher + 8;
  35
  36         /* 1) Initialize variables. */
  37         os_memset(a, 0xa6, 8);
  38         os_memcpy(r, plain, 8 * n);
  39
  40         ctx = aes_encrypt_init(kek, kek_len);
  41         if (ctx == NULL)
  42                 return -1;
  43
  44         /* 2) Calculate intermediate values.
  45          * For j = 0 to 5
  46          *     For i=1 to n
  47          *         B = AES(K, A | R[i])
  48          *         A = MSB(64, B) ^ t where t = (n*j)+i
  49          *         R[i] = LSB(64, B)
  50          */
  51         for (j = 0; j <= 5; j++) {
  52                 r = cipher + 8;
  53                 for (i = 1; i <= n; i++) {
  54                         os_memcpy(b, a, 8);
  55                         os_memcpy(b + 8, r, 8);
  56                         aes_encrypt(ctx, b, b);
  57                         os_memcpy(a, b, 8);
  58                         t = n * j + i;
  59                         a[7] ^= t;
  60                         a[6] ^= t >> 8;
  61                         a[5] ^= t >> 16;
  62                         a[4] ^= t >> 24;
  63                         os_memcpy(r, b + 8, 8);
  64                         r += 8;
  65                 }
  66         }
  67         aes_encrypt_deinit(ctx);
  68
  69         /* 3) Output the results.
  70          *
  71          * These are already in @cipher due to the location of temporary
  72          * variables.
  73          */
  74
  75         return 0;
  76 }