aes-wrap.c

Go to the documentation of this file.

/*
 * AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
 *
 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#include "includes.h"

#include "common.h"
#include "aes.h"
#include "aes_wrap.h"

int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
{
        u8 *a, *r, b[16];
        int i, j;
        void *ctx;

        a = cipher;
        r = cipher + 8;

        /* 1) Initialize variables. */
        os_memset(a, 0xa6, 8);
        os_memcpy(r, plain, 8 * n);

        ctx = aes_encrypt_init(kek, 16);
        if (ctx == NULL)
                return -1;

        /* 2) Calculate intermediate values.
         * For j = 0 to 5
         *     For i=1 to n
         *         B = AES(K, A | R[i])
         *         A = MSB(64, B) ^ t where t = (n*j)+i
         *         R[i] = LSB(64, B)
         */
        for (j = 0; j <= 5; j++) {
                r = cipher + 8;
                for (i = 1; i <= n; i++) {
                        os_memcpy(b, a, 8);
                        os_memcpy(b + 8, r, 8);
                        aes_encrypt(ctx, b, b);
                        os_memcpy(a, b, 8);
                        a[7] ^= n * j + i;
                        os_memcpy(r, b + 8, 8);
                        r += 8;
                }
        }
        aes_encrypt_deinit(ctx);

        /* 3) Output the results.
         *
         * These are already in @cipher due to the location of temporary
         * variables.
         */

        return 0;
}