1 | #include <machine/rtems-bsd-user-space.h> |
---|
2 | |
---|
3 | /* |
---|
4 | * AES-128 EAX |
---|
5 | * |
---|
6 | * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> |
---|
7 | * |
---|
8 | * This software may be distributed under the terms of the BSD license. |
---|
9 | * See README for more details. |
---|
10 | */ |
---|
11 | |
---|
12 | #include "includes.h" |
---|
13 | |
---|
14 | #include "common.h" |
---|
15 | #include "aes.h" |
---|
16 | #include "aes_wrap.h" |
---|
17 | |
---|
18 | /** |
---|
19 | * aes_128_eax_encrypt - AES-128 EAX mode encryption |
---|
20 | * @key: Key for encryption (16 bytes) |
---|
21 | * @nonce: Nonce for counter mode |
---|
22 | * @nonce_len: Nonce length in bytes |
---|
23 | * @hdr: Header data to be authenticity protected |
---|
24 | * @hdr_len: Length of the header data bytes |
---|
25 | * @data: Data to encrypt in-place |
---|
26 | * @data_len: Length of data in bytes |
---|
27 | * @tag: 16-byte tag value |
---|
28 | * Returns: 0 on success, -1 on failure |
---|
29 | */ |
---|
30 | int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len, |
---|
31 | const u8 *hdr, size_t hdr_len, |
---|
32 | u8 *data, size_t data_len, u8 *tag) |
---|
33 | { |
---|
34 | u8 *buf; |
---|
35 | size_t buf_len; |
---|
36 | u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE], |
---|
37 | data_mac[AES_BLOCK_SIZE]; |
---|
38 | int i, ret = -1; |
---|
39 | |
---|
40 | if (nonce_len > data_len) |
---|
41 | buf_len = nonce_len; |
---|
42 | else |
---|
43 | buf_len = data_len; |
---|
44 | if (hdr_len > buf_len) |
---|
45 | buf_len = hdr_len; |
---|
46 | buf_len += 16; |
---|
47 | |
---|
48 | buf = os_malloc(buf_len); |
---|
49 | if (buf == NULL) |
---|
50 | return -1; |
---|
51 | |
---|
52 | os_memset(buf, 0, 15); |
---|
53 | |
---|
54 | buf[15] = 0; |
---|
55 | os_memcpy(buf + 16, nonce, nonce_len); |
---|
56 | if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) |
---|
57 | goto fail; |
---|
58 | |
---|
59 | buf[15] = 1; |
---|
60 | os_memcpy(buf + 16, hdr, hdr_len); |
---|
61 | if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) |
---|
62 | goto fail; |
---|
63 | |
---|
64 | if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len)) |
---|
65 | goto fail; |
---|
66 | buf[15] = 2; |
---|
67 | os_memcpy(buf + 16, data, data_len); |
---|
68 | if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) |
---|
69 | goto fail; |
---|
70 | |
---|
71 | for (i = 0; i < AES_BLOCK_SIZE; i++) |
---|
72 | tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]; |
---|
73 | |
---|
74 | ret = 0; |
---|
75 | fail: |
---|
76 | bin_clear_free(buf, buf_len); |
---|
77 | |
---|
78 | return ret; |
---|
79 | } |
---|
80 | |
---|
81 | |
---|
82 | /** |
---|
83 | * aes_128_eax_decrypt - AES-128 EAX mode decryption |
---|
84 | * @key: Key for decryption (16 bytes) |
---|
85 | * @nonce: Nonce for counter mode |
---|
86 | * @nonce_len: Nonce length in bytes |
---|
87 | * @hdr: Header data to be authenticity protected |
---|
88 | * @hdr_len: Length of the header data bytes |
---|
89 | * @data: Data to encrypt in-place |
---|
90 | * @data_len: Length of data in bytes |
---|
91 | * @tag: 16-byte tag value |
---|
92 | * Returns: 0 on success, -1 on failure, -2 if tag does not match |
---|
93 | */ |
---|
94 | int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len, |
---|
95 | const u8 *hdr, size_t hdr_len, |
---|
96 | u8 *data, size_t data_len, const u8 *tag) |
---|
97 | { |
---|
98 | u8 *buf; |
---|
99 | size_t buf_len; |
---|
100 | u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE], |
---|
101 | data_mac[AES_BLOCK_SIZE]; |
---|
102 | int i; |
---|
103 | |
---|
104 | if (nonce_len > data_len) |
---|
105 | buf_len = nonce_len; |
---|
106 | else |
---|
107 | buf_len = data_len; |
---|
108 | if (hdr_len > buf_len) |
---|
109 | buf_len = hdr_len; |
---|
110 | buf_len += 16; |
---|
111 | |
---|
112 | buf = os_malloc(buf_len); |
---|
113 | if (buf == NULL) |
---|
114 | return -1; |
---|
115 | |
---|
116 | os_memset(buf, 0, 15); |
---|
117 | |
---|
118 | buf[15] = 0; |
---|
119 | os_memcpy(buf + 16, nonce, nonce_len); |
---|
120 | if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) { |
---|
121 | os_free(buf); |
---|
122 | return -1; |
---|
123 | } |
---|
124 | |
---|
125 | buf[15] = 1; |
---|
126 | os_memcpy(buf + 16, hdr, hdr_len); |
---|
127 | if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) { |
---|
128 | os_free(buf); |
---|
129 | return -1; |
---|
130 | } |
---|
131 | |
---|
132 | buf[15] = 2; |
---|
133 | os_memcpy(buf + 16, data, data_len); |
---|
134 | if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) { |
---|
135 | os_free(buf); |
---|
136 | return -1; |
---|
137 | } |
---|
138 | |
---|
139 | os_free(buf); |
---|
140 | |
---|
141 | for (i = 0; i < AES_BLOCK_SIZE; i++) { |
---|
142 | if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i])) |
---|
143 | return -2; |
---|
144 | } |
---|
145 | |
---|
146 | return aes_128_ctr_encrypt(key, nonce_mac, data, data_len); |
---|
147 | } |
---|