| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | /* | 
|  | 2 | * AES Key Wrap Algorithm (RFC3394) | 
|  | 3 | * | 
|  | 4 | * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> | 
|  | 5 | * | 
|  | 6 | * This software may be distributed under the terms of the BSD license. | 
|  | 7 | * See README for more details. | 
|  | 8 | */ | 
|  | 9 |  | 
|  | 10 | #include "includes.h" | 
|  | 11 |  | 
|  | 12 | #include "common.h" | 
|  | 13 | #include "aes.h" | 
|  | 14 | #include "aes_wrap.h" | 
|  | 15 |  | 
|  | 16 | /** | 
|  | 17 | * aes_wrap - Wrap keys with AES Key Wrap Algorithm (RFC3394) | 
|  | 18 | * @kek: Key encryption key (KEK) | 
|  | 19 | * @kek_len: Length of KEK in octets | 
|  | 20 | * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16 | 
|  | 21 | * bytes | 
|  | 22 | * @plain: Plaintext key to be wrapped, n * 64 bits | 
|  | 23 | * @cipher: Wrapped key, (n + 1) * 64 bits | 
|  | 24 | * Returns: 0 on success, -1 on failure | 
|  | 25 | */ | 
|  | 26 | int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) | 
|  | 27 | { | 
|  | 28 | u8 *a, *r, b[AES_BLOCK_SIZE]; | 
|  | 29 | int i, j; | 
|  | 30 | void *ctx; | 
|  | 31 | unsigned int t; | 
|  | 32 |  | 
|  | 33 | a = cipher; | 
|  | 34 | r = cipher + 8; | 
|  | 35 |  | 
|  | 36 | /* 1) Initialize variables. */ | 
|  | 37 | os_memset(a, 0xa6, 8); | 
|  | 38 | os_memcpy(r, plain, 8 * n); | 
|  | 39 |  | 
|  | 40 | ctx = aes_encrypt_init(kek, kek_len); | 
|  | 41 | if (ctx == NULL) | 
|  | 42 | return -1; | 
|  | 43 |  | 
|  | 44 | /* 2) Calculate intermediate values. | 
|  | 45 | * For j = 0 to 5 | 
|  | 46 | *     For i=1 to n | 
|  | 47 | *         B = AES(K, A | R[i]) | 
|  | 48 | *         A = MSB(64, B) ^ t where t = (n*j)+i | 
|  | 49 | *         R[i] = LSB(64, B) | 
|  | 50 | */ | 
|  | 51 | for (j = 0; j <= 5; j++) { | 
|  | 52 | r = cipher + 8; | 
|  | 53 | for (i = 1; i <= n; i++) { | 
|  | 54 | os_memcpy(b, a, 8); | 
|  | 55 | os_memcpy(b + 8, r, 8); | 
|  | 56 | aes_encrypt(ctx, b, b); | 
|  | 57 | os_memcpy(a, b, 8); | 
|  | 58 | t = n * j + i; | 
|  | 59 | a[7] ^= t; | 
|  | 60 | a[6] ^= t >> 8; | 
|  | 61 | a[5] ^= t >> 16; | 
|  | 62 | a[4] ^= t >> 24; | 
|  | 63 | os_memcpy(r, b + 8, 8); | 
|  | 64 | r += 8; | 
|  | 65 | } | 
|  | 66 | } | 
|  | 67 | aes_encrypt_deinit(ctx); | 
|  | 68 |  | 
|  | 69 | /* 3) Output the results. | 
|  | 70 | * | 
|  | 71 | * These are already in @cipher due to the location of temporary | 
|  | 72 | * variables. | 
|  | 73 | */ | 
|  | 74 |  | 
|  | 75 | return 0; | 
|  | 76 | } |