1214501Srpaulo/* 2214501Srpaulo * AES Key Wrap Algorithm (128-bit KEK) (RFC3394) 3214501Srpaulo * 4214501Srpaulo * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> 5214501Srpaulo * 6252726Srpaulo * This software may be distributed under the terms of the BSD license. 7252726Srpaulo * See README for more details. 8214501Srpaulo */ 9214501Srpaulo 10214501Srpaulo#include "includes.h" 11214501Srpaulo 12214501Srpaulo#include "common.h" 13214501Srpaulo#include "aes.h" 14214501Srpaulo#include "aes_wrap.h" 15214501Srpaulo 16214501Srpaulo/** 17214501Srpaulo * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) 18214501Srpaulo * @kek: 16-octet Key encryption key (KEK) 19214501Srpaulo * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16 20214501Srpaulo * bytes 21214501Srpaulo * @plain: Plaintext key to be wrapped, n * 64 bits 22214501Srpaulo * @cipher: Wrapped key, (n + 1) * 64 bits 23214501Srpaulo * Returns: 0 on success, -1 on failure 24214501Srpaulo */ 25214501Srpauloint aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher) 26214501Srpaulo{ 27214501Srpaulo u8 *a, *r, b[16]; 28214501Srpaulo int i, j; 29214501Srpaulo void *ctx; 30214501Srpaulo 31214501Srpaulo a = cipher; 32214501Srpaulo r = cipher + 8; 33214501Srpaulo 34214501Srpaulo /* 1) Initialize variables. */ 35214501Srpaulo os_memset(a, 0xa6, 8); 36214501Srpaulo os_memcpy(r, plain, 8 * n); 37214501Srpaulo 38214501Srpaulo ctx = aes_encrypt_init(kek, 16); 39214501Srpaulo if (ctx == NULL) 40214501Srpaulo return -1; 41214501Srpaulo 42214501Srpaulo /* 2) Calculate intermediate values. 43214501Srpaulo * For j = 0 to 5 44214501Srpaulo * For i=1 to n 45214501Srpaulo * B = AES(K, A | R[i]) 46214501Srpaulo * A = MSB(64, B) ^ t where t = (n*j)+i 47214501Srpaulo * R[i] = LSB(64, B) 48214501Srpaulo */ 49214501Srpaulo for (j = 0; j <= 5; j++) { 50214501Srpaulo r = cipher + 8; 51214501Srpaulo for (i = 1; i <= n; i++) { 52214501Srpaulo os_memcpy(b, a, 8); 53214501Srpaulo os_memcpy(b + 8, r, 8); 54214501Srpaulo aes_encrypt(ctx, b, b); 55214501Srpaulo os_memcpy(a, b, 8); 56214501Srpaulo a[7] ^= n * j + i; 57214501Srpaulo os_memcpy(r, b + 8, 8); 58214501Srpaulo r += 8; 59214501Srpaulo } 60214501Srpaulo } 61214501Srpaulo aes_encrypt_deinit(ctx); 62214501Srpaulo 63214501Srpaulo /* 3) Output the results. 64214501Srpaulo * 65214501Srpaulo * These are already in @cipher due to the location of temporary 66214501Srpaulo * variables. 67214501Srpaulo */ 68214501Srpaulo 69214501Srpaulo return 0; 70214501Srpaulo} 71