/**
* @brief Wrap keys with AES Key Wrap Algorithm (128-bit KEK)
*
* @param pPlainTxt Plaintext key to be wrapped
* @param TextLen Length of the plain key in bytes (16 bytes)
* @param pCipTxt Wrapped key
* @param pKEK Key encryption key (KEK)
* @param KeyLen Length of KEK in bytes (must be divisible by 16)
* @param IV Encryption IV for CBC mode (16 bytes)
* @return 0 on success, -1 on failure
*/
int
MrvAES_Wrap(u8 * pPlainTxt, u32 TextLen, u8 * pCipTxt, u8 * pKEK, u32 KeyLen,
u8 * IV)
{
u8 *buf;
if ((TextLen / 16) % 2) {
buf = (u8 *) crypto_mem_malloc(TextLen);
if (buf == NULL) {
crypto_e("MrvAES_Wrap malloc failed!\n");
return -WM_FAIL;
}
memcpy(buf, pPlainTxt, TextLen);
aes_128_cbc_encrypt(pKEK, IV, buf, TextLen);
memcpy(pCipTxt, buf, TextLen);
} else {
buf = (u8 *) crypto_mem_malloc(TextLen + 16);
if (buf == NULL) {
crypto_e("MrvAES_Wrap malloc failed!\n");
return -WM_FAIL;
}
memcpy(buf, pPlainTxt, TextLen);
memset(&buf[TextLen], 0x10, 16);
aes_128_cbc_encrypt(pKEK, IV, buf, TextLen + 16);
memcpy(pCipTxt, buf, TextLen + 16);
}
crypto_mem_free(buf);
return WM_SUCCESS;
}
int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg,
struct wpabuf *plain)
{
size_t pad_len;
const size_t block_size = 16;
u8 *iv, *data;
wpa_printf(MSG_DEBUG, "WPS: * Encrypted Settings");
/* PKCS#5 v2.0 pad */
pad_len = block_size - wpabuf_len(plain) % block_size;
os_memset(wpabuf_put(plain, pad_len), pad_len, pad_len);
wpabuf_put_be16(msg, ATTR_ENCR_SETTINGS);
wpabuf_put_be16(msg, block_size + wpabuf_len(plain));
iv = wpabuf_put(msg, block_size);
if (random_get_bytes(iv, block_size) < 0)
return -1;
data = wpabuf_put(msg, 0);
wpabuf_put_buf(msg, plain);
if (aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
return -1;
return 0;
}
int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, int attr_pad)
{
size_t encr_len;
if (msg == NULL || k_encr == NULL || msg->iv == 0 || msg->encr == 0)
return -1;
encr_len = wpabuf_len(msg->buf) - msg->encr - 4;
if (encr_len % 16) {
u8 *pos;
int pad_len = 16 - (encr_len % 16);
if (pad_len < 4) {
wpa_printf(MSG_WARNING, "EAP-SIM: "
"eap_sim_msg_add_encr_end - invalid pad_len"
" %d", pad_len);
return -1;
}
wpa_printf(MSG_DEBUG, " *AT_PADDING");
pos = eap_sim_msg_add(msg, attr_pad, 0, NULL, pad_len - 4);
if (pos == NULL)
return -1;
os_memset(pos + 4, 0, pad_len - 4);
encr_len += pad_len;
}
wpa_printf(MSG_DEBUG, " (AT_ENCR_DATA data len %lu)",
(unsigned long) encr_len);
wpabuf_mhead_u8(msg->buf)[msg->encr + 1] = encr_len / 4 + 1;
return aes_128_cbc_encrypt(k_encr, wpabuf_head_u8(msg->buf) + msg->iv,
wpabuf_mhead_u8(msg->buf) + msg->encr + 4,
encr_len);
}
int eap_eke_dhcomp(struct eap_eke_session *sess, const u8 *key, const u8 *dhpub,
u8 *ret_dhcomp)
{
u8 pub[EAP_EKE_MAX_DH_LEN];
int dh_len;
u8 iv[AES_BLOCK_SIZE];
dh_len = eap_eke_dh_len(sess->dhgroup);
if (dh_len < 0)
return -1;
/*
* DHComponent = Encr(key, y)
*
* All defined DH groups use primes that have length devisible by 16, so
* no need to do extra padding for y (= pub).
*/
if (sess->encr != EAP_EKE_ENCR_AES128_CBC)
return -1;
if (random_get_bytes(iv, AES_BLOCK_SIZE))
return -1;
wpa_hexdump(MSG_DEBUG, "EAP-EKE: IV for Encr(key, y)",
iv, AES_BLOCK_SIZE);
os_memcpy(pub, dhpub, dh_len);
if (aes_128_cbc_encrypt(key, iv, pub, dh_len) < 0)
return -1;
os_memcpy(ret_dhcomp, iv, AES_BLOCK_SIZE);
os_memcpy(ret_dhcomp + AES_BLOCK_SIZE, pub, dh_len);
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent = Encr(key, y)",
ret_dhcomp, AES_BLOCK_SIZE + dh_len);
return 0;
}
int eap_eke_prot(struct eap_eke_session *sess,
const u8 *data, size_t data_len,
u8 *prot, size_t *prot_len)
{
size_t block_size, icv_len, pad;
u8 *pos, *iv, *e;
if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
block_size = AES_BLOCK_SIZE;
else
return -1;
if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
icv_len = SHA1_MAC_LEN;
else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
icv_len = SHA256_MAC_LEN;
else
return -1;
pad = data_len % block_size;
if (pad)
pad = block_size - pad;
if (*prot_len < block_size + data_len + pad + icv_len) {
wpa_printf(MSG_INFO, "EAP-EKE: Not enough room for Prot() data");
return -1;
}
pos = prot;
if (random_get_bytes(pos, block_size))
return -1;
iv = pos;
wpa_hexdump(MSG_DEBUG, "EAP-EKE: IV for Prot()", iv, block_size);
pos += block_size;
e = pos;
os_memcpy(pos, data, data_len);
pos += data_len;
if (pad) {
if (random_get_bytes(pos, pad))
return -1;
pos += pad;
}
if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0 ||
eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
return -1;
pos += icv_len;
*prot_len = pos - prot;
return 0;
}
int
main( int argc, char** argv )
{
bswabe_pub_t* pub;
bswabe_cph_t* cph;
int file_len;
GByteArray* plt;
GByteArray* cph_buf;
GByteArray* aes_buf;
element_t m;
clock_t start, end;
float time_result;
parse_args(argc, argv);
pub = bswabe_pub_unserialize(suck_file(pub_file), 1);
//Start timer
start=clock();
if( !(cph = bswabe_enc(pub, m, policy)) )
die("%s", bswabe_error());
free(policy);
cph_buf = bswabe_cph_serialize(cph);
bswabe_cph_free(cph);
plt = suck_file(in_file);
file_len = plt->len;
aes_buf = aes_128_cbc_encrypt(plt, m);
g_byte_array_free(plt, 1);
element_clear(m);
write_cpabe_file(out_file, cph_buf, file_len, aes_buf);
//End Timer, display output
end=clock();
time_result = (float) (end-start)/(float) CLOCKS_PER_SEC;
printf("Computation took %f seconds\n",time_result);
g_byte_array_free(cph_buf, 1);
g_byte_array_free(aes_buf, 1);
if( !keep )
unlink(in_file);
return 0;
}
int
main( int argc, char** argv )
{
kpabe_pub_t* pub;
kpabe_cph_t* cph;
int file_len;
GByteArray* plt;
GByteArray* cph_buf;
GByteArray* aes_buf;
element_t m;
parse_args(argc, argv);
pub = kpabe_pub_unserialize(suck_file(pub_file), 1);
if( !(cph = kpabe_enc(pub, m, attrs)) )
die("%s", kpabe_error());
free(attrs);
cph_buf = kpabe_cph_serialize(cph);
kpabe_cph_free(cph);
plt = suck_file(in_file);
file_len = plt->len;
aes_buf = aes_128_cbc_encrypt(plt, m);
g_byte_array_free(plt, 1);
element_clear(m);
write_kpabe_file(out_file, cph_buf, file_len, aes_buf);
g_byte_array_free(cph_buf, 1);
g_byte_array_free(aes_buf, 1);
if( !keep )
unlink(in_file);
return 0;
}
static int test_cbc(void)
{
struct cbc_test_vector {
u8 key[16];
u8 iv[16];
u8 plain[32];
u8 cipher[32];
size_t len;
} vectors[] = {
{
{ 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
{ 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
"Single block msg",
{ 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
16
},
{
{ 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
{ 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
{ 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
32
}
};
int ret = 0;
u8 *buf;
unsigned int i;
for (i = 0; i < ARRAY_SIZE(vectors); i++) {
struct cbc_test_vector *tv = &vectors[i];
buf = malloc(tv->len);
if (buf == NULL) {
ret++;
break;
}
memcpy(buf, tv->plain, tv->len);
if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
memcmp(buf, tv->cipher, tv->len) != 0) {
printf("AES-CBC encrypt %d failed\n", i);
ret++;
}
memcpy(buf, tv->cipher, tv->len);
if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
memcmp(buf, tv->plain, tv->len) != 0) {
printf("AES-CBC decrypt %d failed\n", i);
ret++;
}
free(buf);
}
return ret;
}
