aes-eax.c
Go to the documentation of this file.
00001 /*
00002  * AES-128 EAX
00003  *
00004  * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
00005  *
00006  * This program is free software; you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License version 2 as
00008  * published by the Free Software Foundation.
00009  *
00010  * Alternatively, this software may be distributed under the terms of BSD
00011  * license.
00012  *
00013  * See README and COPYING for more details.
00014  */
00015 
00016 #include "includes.h"
00017 
00018 #include "common.h"
00019 #include "aes.h"
00020 #include "aes_wrap.h"
00021 
00034 int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00035                         const u8 *hdr, size_t hdr_len,
00036                         u8 *data, size_t data_len, u8 *tag)
00037 {
00038         u8 *buf;
00039         size_t buf_len;
00040         u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
00041                 data_mac[AES_BLOCK_SIZE];
00042         int i, ret = -1;
00043 
00044         if (nonce_len > data_len)
00045                 buf_len = nonce_len;
00046         else
00047                 buf_len = data_len;
00048         if (hdr_len > buf_len)
00049                 buf_len = hdr_len;
00050         buf_len += 16;
00051 
00052         buf = os_malloc(buf_len);
00053         if (buf == NULL)
00054                 return -1;
00055 
00056         os_memset(buf, 0, 15);
00057 
00058         buf[15] = 0;
00059         os_memcpy(buf + 16, nonce, nonce_len);
00060         if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac))
00061                 goto fail;
00062 
00063         buf[15] = 1;
00064         os_memcpy(buf + 16, hdr, hdr_len);
00065         if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac))
00066                 goto fail;
00067 
00068         if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len))
00069                 goto fail;
00070         buf[15] = 2;
00071         os_memcpy(buf + 16, data, data_len);
00072         if (omac1_aes_128(key, buf, 16 + data_len, data_mac))
00073                 goto fail;
00074 
00075         for (i = 0; i < AES_BLOCK_SIZE; i++)
00076                 tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
00077 
00078         ret = 0;
00079 fail:
00080         os_free(buf);
00081 
00082         return ret;
00083 }
00084 
00085 
00098 int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00099                         const u8 *hdr, size_t hdr_len,
00100                         u8 *data, size_t data_len, const u8 *tag)
00101 {
00102         u8 *buf;
00103         size_t buf_len;
00104         u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
00105                 data_mac[AES_BLOCK_SIZE];
00106         int i;
00107 
00108         if (nonce_len > data_len)
00109                 buf_len = nonce_len;
00110         else
00111                 buf_len = data_len;
00112         if (hdr_len > buf_len)
00113                 buf_len = hdr_len;
00114         buf_len += 16;
00115 
00116         buf = os_malloc(buf_len);
00117         if (buf == NULL)
00118                 return -1;
00119 
00120         os_memset(buf, 0, 15);
00121 
00122         buf[15] = 0;
00123         os_memcpy(buf + 16, nonce, nonce_len);
00124         if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) {
00125                 os_free(buf);
00126                 return -1;
00127         }
00128 
00129         buf[15] = 1;
00130         os_memcpy(buf + 16, hdr, hdr_len);
00131         if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) {
00132                 os_free(buf);
00133                 return -1;
00134         }
00135 
00136         buf[15] = 2;
00137         os_memcpy(buf + 16, data, data_len);
00138         if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) {
00139                 os_free(buf);
00140                 return -1;
00141         }
00142 
00143         os_free(buf);
00144 
00145         for (i = 0; i < AES_BLOCK_SIZE; i++) {
00146                 if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
00147                         return -2;
00148         }
00149 
00150         return aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
00151 }


wpa_supplicant_node
Author(s): Package maintained by Blaise Gassend
autogenerated on Thu Jan 2 2014 11:25:12