david/ipxe
david/ipxe
Archived
1
0
Fork 0
Code
This repository has been archived on 2020-12-06. You can view files and clone it, but cannot push or open issues or pull requests.
d4f0c5d088
ipxe/src/crypto/aes_wrap.c
Michael Brown 8406115834 [build] Rename gPXE to iPXE 
Access to the gpxe.org and etherboot.org domains and associated
resources has been revoked by the registrant of the domain.  Work
around this problem by renaming project from gPXE to iPXE, and
updating URLs to match.

Also update README, LOG and COPYRIGHTS to remove obsolete information.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2010-04-19 23:43:39 +01:00

124 lines
2.9 KiB
C
Raw Blame History

/*
* Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
FILE_LICENCE ( GPL2_OR_LATER );
#include <stdlib.h>
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/aes.h>
/**
* Wrap a key or other data using AES Key Wrap (RFC 3394)
*
* @v kek Key Encryption Key, 16 bytes
* @v src Data to encrypt
* @v nblk Number of 8-byte blocks in @a data
* @ret dest Encrypted data (8 bytes longer than input)
*
* The algorithm is implemented such that @a src and @a dest may point
* to the same buffer.
*/
int aes_wrap ( const void *kek, const void *src, void *dest, int nblk )
{
u8 *A = dest;
u8 B[16];
u8 *R;
int i, j;
void *aes_ctx = malloc ( AES_CTX_SIZE );
if ( ! aes_ctx )
return -1;
cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 );
/* Set up */
memset ( A, 0xA6, sizeof ( A ) );
memmove ( dest + 8, src, nblk * 8 );
/* Wrap */
for ( j = 0; j < 6; j++ ) {
R = dest + 8;
for ( i = 1; i <= nblk; i++ ) {
memcpy ( B, A, 8 );
memcpy ( B + 8, R, 8 );
cipher_encrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
memcpy ( A, B, 8 );
A[7] ^= ( nblk * j ) + i;
memcpy ( R, B + 8, 8 );
R += 8;
}
}
free ( aes_ctx );
return 0;
}
/**
* Unwrap a key or other data using AES Key Wrap (RFC 3394)
*
* @v kek Key Encryption Key, 16 bytes
* @v src Data to decrypt
* @v nblk Number of 8-byte blocks in @e plaintext key
* @ret dest Decrypted data (8 bytes shorter than input)
* @ret rc Zero on success, nonzero on IV mismatch
*
* The algorithm is implemented such that @a src and @a dest may point
* to the same buffer.
*/
int aes_unwrap ( const void *kek, const void *src, void *dest, int nblk )
{
u8 A[8], B[16];
u8 *R;
int i, j;
void *aes_ctx = malloc ( AES_CTX_SIZE );
if ( ! aes_ctx )
return -1;
cipher_setkey ( &aes_algorithm, aes_ctx, kek, 16 );
/* Set up */
memcpy ( A, src, 8 );
memmove ( dest, src + 8, nblk * 8 );
/* Unwrap */
for ( j = 5; j >= 0; j-- ) {
R = dest + ( nblk - 1 ) * 8;
for ( i = nblk; i >= 1; i-- ) {
memcpy ( B, A, 8 );
memcpy ( B + 8, R, 8 );
B[7] ^= ( nblk * j ) + i;
cipher_decrypt ( &aes_algorithm, aes_ctx, B, B, 16 );
memcpy ( A, B, 8 );
memcpy ( R, B + 8, 8 );
R -= 8;
}
}
free ( aes_ctx );
/* Check IV */
for ( i = 0; i < 8; i++ ) {
if ( A[i] != 0xA6 )
return -1;
}
return 0;
}
View Git Blame Copy Permalink