Context Navigation

source: rtems-libbsd/freebsd/contrib/wpa/src/crypto/aes-eax.c @ 9c9d11b

55-freebsd-126-freebsd-12

Last change on this file since 9c9d11b was 9c9d11b, checked in by Sichen Zhao <1473996754@…>, on 08/01/17 at 12:43:41
Import wpa from FreeBSD
Property mode set to `100644`
File size: 3.3 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/*
4	* AES-128 EAX
5	*
6	* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
7	*
8	* This software may be distributed under the terms of the BSD license.
9	* See README for more details.
10	*/
11
12	#include "includes.h"
13
14	#include "common.h"
15	#include "aes.h"
16	#include "aes_wrap.h"
17
18	/**
19	* aes_128_eax_encrypt - AES-128 EAX mode encryption
20	* @key: Key for encryption (16 bytes)
21	* @nonce: Nonce for counter mode
22	* @nonce_len: Nonce length in bytes
23	* @hdr: Header data to be authenticity protected
24	* @hdr_len: Length of the header data bytes
25	* @data: Data to encrypt in-place
26	* @data_len: Length of data in bytes
27	* @tag: 16-byte tag value
28	* Returns: 0 on success, -1 on failure
29	*/
30	int aes_128_eax_encrypt(const u8 key, const u8 nonce, size_t nonce_len,
31	const u8 *hdr, size_t hdr_len,
32	u8 data, size_t data_len, u8 tag)
33	{
34	u8 *buf;
35	size_t buf_len;
36	u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
37	data_mac[AES_BLOCK_SIZE];
38	int i, ret = -1;
39
40	if (nonce_len > data_len)
41	buf_len = nonce_len;
42	else
43	buf_len = data_len;
44	if (hdr_len > buf_len)
45	buf_len = hdr_len;
46	buf_len += 16;
47
48	buf = os_malloc(buf_len);
49	if (buf == NULL)
50	return -1;
51
52	os_memset(buf, 0, 15);
53
54	buf[15] = 0;
55	os_memcpy(buf + 16, nonce, nonce_len);
56	if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac))
57	goto fail;
58
59	buf[15] = 1;
60	os_memcpy(buf + 16, hdr, hdr_len);
61	if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac))
62	goto fail;
63
64	if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len))
65	goto fail;
66	buf[15] = 2;
67	os_memcpy(buf + 16, data, data_len);
68	if (omac1_aes_128(key, buf, 16 + data_len, data_mac))
69	goto fail;
70
71	for (i = 0; i < AES_BLOCK_SIZE; i++)
72	tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
73
74	ret = 0;
75	fail:
76	bin_clear_free(buf, buf_len);
77
78	return ret;
79	}
80
81
82	/**
83	* aes_128_eax_decrypt - AES-128 EAX mode decryption
84	* @key: Key for decryption (16 bytes)
85	* @nonce: Nonce for counter mode
86	* @nonce_len: Nonce length in bytes
87	* @hdr: Header data to be authenticity protected
88	* @hdr_len: Length of the header data bytes
89	* @data: Data to encrypt in-place
90	* @data_len: Length of data in bytes
91	* @tag: 16-byte tag value
92	* Returns: 0 on success, -1 on failure, -2 if tag does not match
93	*/
94	int aes_128_eax_decrypt(const u8 key, const u8 nonce, size_t nonce_len,
95	const u8 *hdr, size_t hdr_len,
96	u8 data, size_t data_len, const u8 tag)
97	{
98	u8 *buf;
99	size_t buf_len;
100	u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
101	data_mac[AES_BLOCK_SIZE];
102	int i;
103
104	if (nonce_len > data_len)
105	buf_len = nonce_len;
106	else
107	buf_len = data_len;
108	if (hdr_len > buf_len)
109	buf_len = hdr_len;
110	buf_len += 16;
111
112	buf = os_malloc(buf_len);
113	if (buf == NULL)
114	return -1;
115
116	os_memset(buf, 0, 15);
117
118	buf[15] = 0;
119	os_memcpy(buf + 16, nonce, nonce_len);
120	if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) {
121	os_free(buf);
122	return -1;
123	}
124
125	buf[15] = 1;
126	os_memcpy(buf + 16, hdr, hdr_len);
127	if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) {
128	os_free(buf);
129	return -1;
130	}
131
132	buf[15] = 2;
133	os_memcpy(buf + 16, data, data_len);
134	if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) {
135	os_free(buf);
136	return -1;
137	}
138
139	os_free(buf);
140
141	for (i = 0; i < AES_BLOCK_SIZE; i++) {
142	if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
143	return -2;
144	}
145
146	return aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
147	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: