iPXE
Functions
aes_wrap.c File Reference
#include <stdlib.h>
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/aes.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER)
 
int aes_wrap (const void *kek, const void *src, void *dest, int nblk)
 Wrap a key or other data using AES Key Wrap (RFC 3394) More...
 
int aes_unwrap (const void *kek, const void *src, void *dest, int nblk)
 Unwrap a key or other data using AES Key Wrap (RFC 3394) More...
 

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER  )

◆ aes_wrap()

int aes_wrap ( const void *  kek,
const void *  src,
void *  dest,
int  nblk 
)

Wrap a key or other data using AES Key Wrap (RFC 3394)

Parameters
kekKey Encryption Key, 16 bytes
srcData to encrypt
nblkNumber of 8-byte blocks in data
Return values
destEncrypted data (8 bytes longer than input)

The algorithm is implemented such that src and dest may point to the same buffer.

Definition at line 38 of file aes_wrap.c.

39 {
40  u8 *A = dest;
41  u8 B[16];
42  u8 *R;
43  int i, j;
44  void *aes_ctx = malloc ( AES_CTX_SIZE );
45 
46  if ( ! aes_ctx )
47  return -1;
48 
49  cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 );
50 
51  /* Set up */
52  memset ( A, 0xA6, 8 );
53  memmove ( dest + 8, src, nblk * 8 );
54 
55  /* Wrap */
56  for ( j = 0; j < 6; j++ ) {
57  R = dest + 8;
58  for ( i = 1; i <= nblk; i++ ) {
59  memcpy ( B, A, 8 );
60  memcpy ( B + 8, R, 8 );
61  cipher_encrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
62  memcpy ( A, B, 8 );
63  A[7] ^= ( nblk * j ) + i;
64  memcpy ( R, B + 8, 8 );
65  R += 8;
66  }
67  }
68 
69  free ( aes_ctx );
70  return 0;
71 }
#define AES_CTX_SIZE
AES context size.
Definition: aes.h:45
struct cipher_algorithm aes_algorithm
Basic AES algorithm.
Definition: aes.c:792
#define cipher_encrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:202
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static void * dest
Definition: strings.h:176
static __always_inline void off_t userptr_t src
Definition: efi_uaccess.h:66
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
u8 kek[WPA_KEK_LEN]
EAPOL-Key Key Encryption Key (KEK)
Definition: wpa.h:31
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:583
void * memmove(void *dest, const void *src, size_t len) __nonnull
uint8_t u8
Definition: stdint.h:19
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
Definition: crypto.h:187
void * memset(void *dest, int character, size_t len) __nonnull

References aes_algorithm, AES_CTX_SIZE, cipher_encrypt, cipher_setkey(), dest, free, kek, malloc(), memcpy(), memmove(), memset(), and src.

◆ aes_unwrap()

int aes_unwrap ( const void *  kek,
const void *  src,
void *  dest,
int  nblk 
)

Unwrap a key or other data using AES Key Wrap (RFC 3394)

Parameters
kekKey Encryption Key, 16 bytes
srcData to decrypt
nblkNumber of 8-byte blocks in plaintext key
Return values
destDecrypted data (8 bytes shorter than input)
rcZero on success, nonzero on IV mismatch

The algorithm is implemented such that src and dest may point to the same buffer.

Definition at line 85 of file aes_wrap.c.

86 {
87  u8 A[8], B[16];
88  u8 *R;
89  int i, j;
90  void *aes_ctx = malloc ( AES_CTX_SIZE );
91 
92  if ( ! aes_ctx )
93  return -1;
94 
95  cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 );
96 
97  /* Set up */
98  memcpy ( A, src, 8 );
99  memmove ( dest, src + 8, nblk * 8 );
100 
101  /* Unwrap */
102  for ( j = 5; j >= 0; j-- ) {
103  R = dest + ( nblk - 1 ) * 8;
104  for ( i = nblk; i >= 1; i-- ) {
105  memcpy ( B, A, 8 );
106  memcpy ( B + 8, R, 8 );
107  B[7] ^= ( nblk * j ) + i;
108  cipher_decrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
109  memcpy ( A, B, 8 );
110  memcpy ( R, B + 8, 8 );
111  R -= 8;
112  }
113  }
114 
115  free ( aes_ctx );
116 
117  /* Check IV */
118  for ( i = 0; i < 8; i++ ) {
119  if ( A[i] != 0xA6 )
120  return -1;
121  }
122 
123  return 0;
124 }
#define AES_CTX_SIZE
AES context size.
Definition: aes.h:45
struct cipher_algorithm aes_algorithm
Basic AES algorithm.
Definition: aes.c:792
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static void * dest
Definition: strings.h:176
static __always_inline void off_t userptr_t src
Definition: efi_uaccess.h:66
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
u8 kek[WPA_KEK_LEN]
EAPOL-Key Key Encryption Key (KEK)
Definition: wpa.h:31
#define cipher_decrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:212
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:583
void * memmove(void *dest, const void *src, size_t len) __nonnull
uint8_t u8
Definition: stdint.h:19
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
Definition: crypto.h:187

References aes_algorithm, AES_CTX_SIZE, cipher_decrypt, cipher_setkey(), dest, free, kek, malloc(), memcpy(), memmove(), and src.

Referenced by ccmp_kie_decrypt().