00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016 #include "includes.h"
00017
00018 #include "common.h"
00019 #include "aes.h"
00020 #include "aes_wrap.h"
00021
00034 int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00035 const u8 *hdr, size_t hdr_len,
00036 u8 *data, size_t data_len, u8 *tag)
00037 {
00038 u8 *buf;
00039 size_t buf_len;
00040 u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
00041 data_mac[AES_BLOCK_SIZE];
00042 int i, ret = -1;
00043
00044 if (nonce_len > data_len)
00045 buf_len = nonce_len;
00046 else
00047 buf_len = data_len;
00048 if (hdr_len > buf_len)
00049 buf_len = hdr_len;
00050 buf_len += 16;
00051
00052 buf = os_malloc(buf_len);
00053 if (buf == NULL)
00054 return -1;
00055
00056 os_memset(buf, 0, 15);
00057
00058 buf[15] = 0;
00059 os_memcpy(buf + 16, nonce, nonce_len);
00060 if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac))
00061 goto fail;
00062
00063 buf[15] = 1;
00064 os_memcpy(buf + 16, hdr, hdr_len);
00065 if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac))
00066 goto fail;
00067
00068 if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len))
00069 goto fail;
00070 buf[15] = 2;
00071 os_memcpy(buf + 16, data, data_len);
00072 if (omac1_aes_128(key, buf, 16 + data_len, data_mac))
00073 goto fail;
00074
00075 for (i = 0; i < AES_BLOCK_SIZE; i++)
00076 tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
00077
00078 ret = 0;
00079 fail:
00080 os_free(buf);
00081
00082 return ret;
00083 }
00084
00085
00098 int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00099 const u8 *hdr, size_t hdr_len,
00100 u8 *data, size_t data_len, const u8 *tag)
00101 {
00102 u8 *buf;
00103 size_t buf_len;
00104 u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
00105 data_mac[AES_BLOCK_SIZE];
00106 int i;
00107
00108 if (nonce_len > data_len)
00109 buf_len = nonce_len;
00110 else
00111 buf_len = data_len;
00112 if (hdr_len > buf_len)
00113 buf_len = hdr_len;
00114 buf_len += 16;
00115
00116 buf = os_malloc(buf_len);
00117 if (buf == NULL)
00118 return -1;
00119
00120 os_memset(buf, 0, 15);
00121
00122 buf[15] = 0;
00123 os_memcpy(buf + 16, nonce, nonce_len);
00124 if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) {
00125 os_free(buf);
00126 return -1;
00127 }
00128
00129 buf[15] = 1;
00130 os_memcpy(buf + 16, hdr, hdr_len);
00131 if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) {
00132 os_free(buf);
00133 return -1;
00134 }
00135
00136 buf[15] = 2;
00137 os_memcpy(buf + 16, data, data_len);
00138 if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) {
00139 os_free(buf);
00140 return -1;
00141 }
00142
00143 os_free(buf);
00144
00145 for (i = 0; i < AES_BLOCK_SIZE; i++) {
00146 if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
00147 return -2;
00148 }
00149
00150 return aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
00151 }