aes-unwrap.c
Go to the documentation of this file.
00001 /*
00002  * AES key unwrap (128-bit KEK, RFC3394)
00003  *
00004  * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
00005  *
00006  * This program is free software; you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License version 2 as
00008  * published by the Free Software Foundation.
00009  *
00010  * Alternatively, this software may be distributed under the terms of BSD
00011  * license.
00012  *
00013  * See README and COPYING for more details.
00014  */
00015 
00016 #include "includes.h"
00017 
00018 #include "common.h"
00019 #include "aes.h"
00020 #include "aes_wrap.h"
00021 
00031 int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
00032 {
00033         u8 a[8], *r, b[16];
00034         int i, j;
00035         void *ctx;
00036 
00037         /* 1) Initialize variables. */
00038         os_memcpy(a, cipher, 8);
00039         r = plain;
00040         os_memcpy(r, cipher + 8, 8 * n);
00041 
00042         ctx = aes_decrypt_init(kek, 16);
00043         if (ctx == NULL)
00044                 return -1;
00045 
00046         /* 2) Compute intermediate values.
00047          * For j = 5 to 0
00048          *     For i = n to 1
00049          *         B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
00050          *         A = MSB(64, B)
00051          *         R[i] = LSB(64, B)
00052          */
00053         for (j = 5; j >= 0; j--) {
00054                 r = plain + (n - 1) * 8;
00055                 for (i = n; i >= 1; i--) {
00056                         os_memcpy(b, a, 8);
00057                         b[7] ^= n * j + i;
00058 
00059                         os_memcpy(b + 8, r, 8);
00060                         aes_decrypt(ctx, b, b);
00061                         os_memcpy(a, b, 8);
00062                         os_memcpy(r, b + 8, 8);
00063                         r -= 8;
00064                 }
00065         }
00066         aes_decrypt_deinit(ctx);
00067 
00068         /* 3) Output results.
00069          *
00070          * These are already in @plain due to the location of temporary
00071          * variables. Just verify that the IV matches with the expected value.
00072          */
00073         for (i = 0; i < 8; i++) {
00074                 if (a[i] != 0xa6)
00075                         return -1;
00076         }
00077 
00078         return 0;
00079 }


wpa_supplicant_node
Author(s): Package maintained by Blaise Gassend
autogenerated on Thu Apr 24 2014 15:33:19