iPXE
aes.h File Reference

AES algorithm.

#include <ipxe/crypto.h>


Data Structures

union  aes_matrix
 AES matrix.
struct  aes_round_keys
 AES round keys.
struct  aes_context
 AES context.

Macros

#define AES_BLOCKSIZE   16
 AES blocksize.
#define AES_MAX_ROUNDS   15
 Maximum number of AES rounds.
#define AES_CTX_SIZE   sizeof ( struct aes_context )
 AES context size.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
int aes_wrap (const void *kek, const void *src, void *dest, int nblk)
 Wrap a key or other data using AES Key Wrap (RFC 3394)
int aes_unwrap (const void *kek, const void *src, void *dest, int nblk)
 Unwrap a key or other data using AES Key Wrap (RFC 3394)

Variables

struct cipher_algorithm aes_algorithm
 Basic AES algorithm.
struct cipher_algorithm aes_ecb_algorithm
struct cipher_algorithm aes_cbc_algorithm
struct cipher_algorithm aes_gcm_algorithm

Detailed Description

AES algorithm.

Definition in file aes.h.

Macro Definition Documentation

◆ AES_BLOCKSIZE

◆ AES_MAX_ROUNDS

#define AES_MAX_ROUNDS   15

Maximum number of AES rounds.

Definition at line 19 of file aes.h.

◆ AES_CTX_SIZE

#define AES_CTX_SIZE   sizeof ( struct aes_context )

AES context size.

Definition at line 46 of file aes.h.

Referenced by aes_unwrap(), and aes_wrap().

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ aes_wrap()

int aes_wrap ( const void * kek,
const void * src,
void * dest,
int nblk )

Wrap a key or other data using AES Key Wrap (RFC 3394)

Parameters
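kek: Key Encryption Key, 16 bytes
src: Data to encrypt
nblk: Number of 8-byte blocks in data
Return values
dest: Encrypted data (8 bytes longer than input, so the buffer must hold ( nblk + 1 ) * 8 bytes)
rc: Zero on success, nonzero on failure (for example, when the AES context cannot be allocated)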

The algorithm is implemented such that src and dest may point to the same buffer.

Definition at line 38 of file aes_wrap.c.

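/**
 * Wrap a key or other data using AES Key Wrap (RFC 3394)
 *
 * @v kek	Key Encryption Key, 16 bytes
 * @v src	Data to encrypt
 * @v nblk	Number of 8-byte blocks in data (must be at least 1)
 * @ret dest	Encrypted data (8 bytes longer than input)
 * @ret rc	Zero on success, nonzero on an invalid block count,
 *		allocation failure or key setup failure
 *
 * The caller must provide ( nblk + 1 ) * 8 bytes at dest; no length
 * is passed in, so this function cannot check it.
 *
 * src and dest may point to the same buffer.
 */
int aes_wrap ( const void *kek, const void *src, void *dest, int nblk ) {
	u8 *out = dest;
	u8 *A = out;
	u8 B[16];
	u8 *R;
	unsigned int t;
	int i, j;
	void *aes_ctx;

	/* A negative count would become a huge length in memmove() */
	if ( nblk < 1 )
		return -1;

	aes_ctx = malloc ( AES_CTX_SIZE );
	if ( ! aes_ctx )
		return -1;

	/* Do not encrypt with a context whose key setup failed */
	if ( cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 ) != 0 ) {
		free ( aes_ctx );
		return -1;
	}

	/* Set up.  Move the payload before writing the IV: when src
	 * and dest are the same buffer, writing the IV first would
	 * overwrite the first 8 bytes of the input.
	 */
	memmove ( out + 8, src, ( ( size_t ) nblk * 8 ) );
	memset ( A, 0xA6, 8 );

	/* Wrap */
	for ( j = 0 ; j < 6 ; j++ ) {
		R = out + 8;
		for ( i = 1 ; i <= nblk ; i++ ) {
			memcpy ( B, A, 8 );
			memcpy ( B + 8, R, 8 );
			cipher_encrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
			memcpy ( A, B, 8 );
			/* XOR the step counter in as a big-endian
			 * value.  Touching only A[7] truncates it
			 * once nblk * 6 exceeds 255.
			 */
			t = ( ( ( unsigned int ) nblk * j ) + i );
			A[7] ^= ( t & 0xff );
			A[6] ^= ( ( t >> 8 ) & 0xff );
			A[5] ^= ( ( t >> 16 ) & 0xff );
			A[4] ^= ( ( t >> 24 ) & 0xff );
			memcpy ( R, B + 8, 8 );
			R += 8;
		}
	}

	/* NOTE(review): the context presumably holds key-derived
	 * state after cipher_setkey() and is released without being
	 * cleared; if the project has a wipe helper that the compiler
	 * cannot elide, call it before free().
	 */
	free ( aes_ctx );
	return 0;
}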
struct cipher_algorithm aes_algorithm
Basic AES algorithm.
Definition aes.c:784
#define AES_CTX_SIZE
AES context size.
Definition aes.h:46
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
Definition crypto.h:235
#define cipher_encrypt(cipher, ctx, src, dst, len)
Definition crypto.h:251
void * memcpy(void *dest, const void *src, size_t len) __nonnull
void * memset(void *dest, int character, size_t len) __nonnull
void * memmove(void *dest, const void *src, size_t len) __nonnull
void * malloc(size_t size)
Allocate memory.
Definition malloc.c:621
static void(* free)(struct refcnt *refcnt))
Definition refcnt.h:55
u8 kek[WPA_KEK_LEN]
EAPOL-Key Key Encryption Key (KEK)
Definition wpa.h:4

References aes_algorithm, AES_CTX_SIZE, cipher_encrypt, cipher_setkey(), dest, free, kek, malloc(), memcpy(), memmove(), memset(), src, and u8.

◆ aes_unwrap()

int aes_unwrap ( const void * kek,
const void * src,
void * dest,
int nblk )

Unwrap a key or other data using AES Key Wrap (RFC 3394)

Parameters
kek: Key Encryption Key, 16 bytes
src: Data to decrypt
nblk: Number of 8-byte blocks in plaintext key
Return values
dest: Decrypted data (8 bytes shorter than input); it is written before the IV is checked, so it must be discarded when rc is nonzero
rc: Zero on success, nonzero on IV mismatch

The algorithm is implemented such that src and dest may point to the same buffer.

Definition at line 85 of file aes_wrap.c.

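/**
 * Unwrap a key or other data using AES Key Wrap (RFC 3394)
 *
 * @v kek	Key Encryption Key, 16 bytes
 * @v src	Data to decrypt
 * @v nblk	Number of 8-byte blocks in plaintext key (at least 1)
 * @ret dest	Decrypted data (8 bytes shorter than input)
 * @ret rc	Zero on success, nonzero on IV mismatch, an invalid
 *		block count, allocation failure or key setup failure
 *
 * The IV comparison is the only integrity check on the wrapped data.
 * dest is written before that check runs, so the caller must treat
 * its contents as invalid whenever rc is nonzero.
 *
 * src and dest may point to the same buffer.
 */
int aes_unwrap ( const void *kek, const void *src, void *dest, int nblk ) {
	const u8 *in = src;
	u8 *out = dest;
	u8 A[8], B[16];
	u8 *R;
	u8 diff = 0;
	unsigned int t;
	int i, j;
	void *aes_ctx;

	/* A negative count would become a huge length in memmove() */
	if ( nblk < 1 )
		return -1;

	aes_ctx = malloc ( AES_CTX_SIZE );
	if ( ! aes_ctx )
		return -1;

	/* Do not decrypt with a context whose key setup failed */
	if ( cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 ) != 0 ) {
		free ( aes_ctx );
		return -1;
	}

	/* Set up: save the IV block before the payload is moved, so
	 * that an in-place unwrap does not lose it.
	 */
	memcpy ( A, in, 8 );
	memmove ( out, in + 8, ( ( size_t ) nblk * 8 ) );

	/* Unwrap */
	for ( j = 5 ; j >= 0 ; j-- ) {
		for ( i = nblk ; i >= 1 ; i-- ) {
			/* Index from the start so that R never points
			 * before the buffer.
			 */
			R = ( out + ( ( i - 1 ) * 8 ) );
			memcpy ( B, A, 8 );
			memcpy ( B + 8, R, 8 );
			/* XOR the step counter in as a big-endian
			 * value.  Touching only B[7] truncates it
			 * once nblk * 6 exceeds 255.
			 */
			t = ( ( ( unsigned int ) nblk * j ) + i );
			B[7] ^= ( t & 0xff );
			B[6] ^= ( ( t >> 8 ) & 0xff );
			B[5] ^= ( ( t >> 16 ) & 0xff );
			B[4] ^= ( ( t >> 24 ) & 0xff );
			cipher_decrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
			memcpy ( A, B, 8 );
			memcpy ( R, B + 8, 8 );
		}
	}

	/* NOTE(review): the context presumably holds key-derived
	 * state after cipher_setkey() and is released without being
	 * cleared; if the project has a wipe helper that the compiler
	 * cannot elide, call it before free().
	 */
	free ( aes_ctx );

	/* Check IV.  Accumulate the difference over all eight bytes
	 * rather than returning at the first mismatch, so that the
	 * comparison does not depend on where the mismatch occurs.
	 */
	for ( i = 0 ; i < 8 ; i++ )
		diff |= ( A[i] ^ 0xA6 );

	return ( diff ? -1 : 0 );
}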
#define cipher_decrypt(cipher, ctx, src, dst, len)
Definition crypto.h:261

References aes_algorithm, AES_CTX_SIZE, cipher_decrypt, cipher_setkey(), dest, free, kek, malloc(), memcpy(), memmove(), src, and u8.

Referenced by ccmp_kie_decrypt().

Variable Documentation

◆ aes_algorithm

struct cipher_algorithm aes_algorithm
extern

Basic AES algorithm.

Definition at line 784 of file aes.c.

/**
 * Basic AES algorithm
 *
 * This object wires in only the block-level set-key, encrypt and
 * decrypt handlers.  The IV and authentication hooks are the null
 * handlers and the authentication size is zero, so it provides no
 * chaining and no integrity protection by itself.  The mode-specific
 * variants are presumably built on top of it by ECB_CIPHER(),
 * CBC_CIPHER() and GCM_CIPHER(), which reference this object.
 */
struct cipher_algorithm aes_algorithm = {
	.name = "aes",
	/* Same value as AES_CTX_SIZE */
	.ctxsize = sizeof ( struct aes_context ),
	.blocksize = AES_BLOCKSIZE,
	.alignsize = 0,
	/* No authentication tag is produced */
	.authsize = 0,
	.setkey = aes_setkey,
	/* Null handler: every parameter is marked __unused */
	.setiv = cipher_null_setiv,
	.encrypt = aes_encrypt,
	.decrypt = aes_decrypt,
	/* Null handler: every parameter is marked __unused */
	.auth = cipher_null_auth,
};
static void aes_decrypt(void *ctx, const void *src, void *dst, size_t len)
Decrypt data.
Definition aes.c:435
static int aes_setkey(void *ctx, const void *key, size_t keylen)
Set key.
Definition aes.c:682
static void aes_encrypt(void *ctx, const void *src, void *dst, size_t len)
Encrypt data.
Definition aes.c:399
#define AES_BLOCKSIZE
AES blocksize.
Definition aes.h:16
void cipher_null_setiv(void *ctx __unused, const void *iv __unused, size_t ivlen __unused)
Definition crypto_null.c:65
void cipher_null_auth(void *ctx __unused, void *auth __unused)
Definition crypto_null.c:80
AES context.
Definition aes.h:36

Referenced by aes_unwrap(), aes_wrap(), CBC_CIPHER(), ccmp_cbc_mac(), ccmp_ctr_xor(), ccmp_feed_cbc_mac(), ccmp_init(), ECB_CIPHER(), and GCM_CIPHER().

◆ aes_ecb_algorithm

struct cipher_algorithm aes_ecb_algorithm
extern

◆ aes_cbc_algorithm

◆ aes_gcm_algorithm