summaryrefslogblamecommitdiffstats
path: root/src/crypto/aes_wrap.c
blob: c09480e5a98ce902893f3f6827101ef2b4713440 (plain) (tree) 
6c6db864 ^















c3b4860c ^


6c6db864 ^






84061158 ^


6c6db864 ^


























ede37e49 ^

6c6db864 ^








































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

16
17

18
19
20
21
22
23

24
25

26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

52

53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124















                                                                      

                                                                





                               

                        

























                                                                       
                              







































































                                                                             
/*
 * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

FILE_LICENCE ( GPL2_OR_LATER );

#include <stdlib.h>
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/aes.h>

/**
 * Wrap a key or other data using AES Key Wrap (RFC 3394)
 *
 * @v kek	Key Encryption Key, 16 bytes
 * @v src	Data to encrypt
 * @v nblk	Number of 8-byte blocks in @a data
 * @ret dest	Encrypted data (8 bytes longer than input)
 *
 * The algorithm is implemented such that @a src and @a dest may point
 * to the same buffer.
 */
int aes_wrap ( const void *kek, const void *src, void *dest, int nblk )
{
	u8 *A = dest;
	u8 B[16];
	u8 *R;
	int i, j;
	void *aes_ctx = malloc ( AES_CTX_SIZE );

	if ( ! aes_ctx )
		return -1;

	cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 );

	/* Set up */
	memset ( A, 0xA6, 8 );
	memmove ( dest + 8, src, nblk * 8 );

	/* Wrap */
	for ( j = 0; j < 6; j++ ) {
		R = dest + 8;
		for ( i = 1; i <= nblk; i++ ) {
			memcpy ( B, A, 8 );
			memcpy ( B + 8, R, 8 );
			cipher_encrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
			memcpy ( A, B, 8 );
			A[7] ^= ( nblk * j ) + i;
			memcpy ( R, B + 8, 8 );
			R += 8;
		}
	}

	free ( aes_ctx );
	return 0;
}

/**
 * Unwrap a key or other data using AES Key Wrap (RFC 3394)
 *
 * @v kek	Key Encryption Key, 16 bytes
 * @v src	Data to decrypt
 * @v nblk	Number of 8-byte blocks in @e plaintext key
 * @ret dest	Decrypted data (8 bytes shorter than input)
 * @ret rc	Zero on success, nonzero on IV mismatch
 *
 * The algorithm is implemented such that @a src and @a dest may point
 * to the same buffer.
 */
int aes_unwrap ( const void *kek, const void *src, void *dest, int nblk )
{
	u8 A[8], B[16];
	u8 *R;
	int i, j;
	void *aes_ctx = malloc ( AES_CTX_SIZE );

	if ( ! aes_ctx )
		return -1;

	cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 );

	/* Set up */
	memcpy ( A, src, 8 );
	memmove ( dest, src + 8, nblk * 8 );

	/* Unwrap */
	for ( j = 5; j >= 0; j-- ) {
		R = dest + ( nblk - 1 ) * 8;
		for ( i = nblk; i >= 1; i-- ) {
			memcpy ( B, A, 8 );
			memcpy ( B + 8, R, 8 );
			B[7] ^= ( nblk * j ) + i;
			cipher_decrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
			memcpy ( A, B, 8 );
			memcpy ( R, B + 8, 8 );
			R -= 8;
		}
	}

	free ( aes_ctx );

	/* Check IV */
	for ( i = 0; i < 8; i++ ) {
		if ( A[i] != 0xA6 )
			return -1;
	}

	return 0;
}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-26 19:44:12 +0200