Exemple #1
0
static void test_aes_perf(void)
{
#if 0 /* this did not seem to work with new compiler?! */
#ifdef __i386__
#define rdtscll(val) \
     __asm__ __volatile__("rdtsc" : "=A" (val))
	const int num_iters = 10;
	int i;
	unsigned int start, end;
	u8 key[16], pt[16], ct[16];
	void *ctx;

	printf("keySetupEnc:");
	for (i = 0; i < num_iters; i++) {
		rdtscll(start);
		ctx = aes_encrypt_init(key, 16);
		rdtscll(end);
		aes_encrypt_deinit(ctx);
		printf(" %d", end - start);
	}
	printf("\n");

	printf("Encrypt:");
	ctx = aes_encrypt_init(key, 16);
	for (i = 0; i < num_iters; i++) {
		rdtscll(start);
		aes_encrypt(ctx, pt, ct);
		rdtscll(end);
		printf(" %d", end - start);
	}
	aes_encrypt_deinit(ctx);
	printf("\n");
#endif /* __i386__ */
#endif
}
Exemple #2
0
/**
 * aes_128_ctr_encrypt - AES-128 CTR mode encryption
 * @key: Key for encryption (16 bytes)
 * @nonce: Nonce for counter mode (16 bytes)
 * @data: Data to encrypt in-place
 * @data_len: Length of data in bytes
 * Returns: 0 on success, -1 on failure
 */
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce, u8 *data, size_t data_len)
{
	void *ctx;
	size_t j, len, left = data_len;
	int i;
	u8 *pos = data;
	u8 counter[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];

	ctx = aes_encrypt_init(key, 16);
	if (ctx == NULL) {
		return -1;
	}
	os_memcpy(counter, nonce, AES_BLOCK_SIZE);

	while (left > 0) {
		aes_encrypt(ctx, counter, buf);

		len = (left < AES_BLOCK_SIZE) ? left : AES_BLOCK_SIZE;
		for (j = 0; j < len; j++) {
			pos[j] ^= buf[j];
		}
		pos += len;
		left -= len;

		for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
			counter[i]++;
			if (counter[i]) {
				break;
			}
		}
	}
	aes_encrypt_deinit(ctx);
	return 0;
}
Exemple #3
0
/**
 * aes_gcm_ae - GCM-AE_K(IV, P, A)
 */
int aes_gcm_ae(
           void *aes, // DHD20150614
           const u8 *key, size_t key_len, const u8 *iv, size_t iv_len,
	       const u8 *plain, size_t plain_len,
	       const u8 *aad, size_t aad_len, u8 *crypt, u8 *tag)
{
	u8 H[AES_BLOCK_SIZE];
	u8 J0[AES_BLOCK_SIZE];
	u8 S[16];
//	void *aes;

//	aes =
	aes_gcm_init_hash_subkey(
			aes, // DHD20150614
			key, key_len, H);
//	if (aes == NULL)
//		return -1;

	aes_gcm_prepare_j0(iv, iv_len, H, J0);

	/* C = GCTR_K(inc_32(J_0), P) */
	aes_gcm_gctr(aes, J0, plain, plain_len, crypt);

	aes_gcm_ghash(H, aad, aad_len, crypt, plain_len, S);

	/* T = MSB_t(GCTR_K(J_0, S)) */
	aes_gctr(aes, J0, S, sizeof(S), tag);

	/* Return (C, T) */

	aes_encrypt_deinit(aes);

	return 0;
}
Exemple #4
0
/**
 * aes_gcm_ad - GCM-AD_K(IV, C, A, T)
 */
int aes_gcm_ad(const aes_uchar *key, size_t key_len, const aes_uchar *iv, size_t iv_len,
	       const aes_uchar *crypt, size_t crypt_len,
	       const aes_uchar *aad, size_t aad_len, const aes_uchar *tag, aes_uchar *plain)
{
	aes_uchar H[AES_BLOCK_SIZE];
	aes_uchar J0[AES_BLOCK_SIZE];
	aes_uchar S[16], T[16];
	void *aes;

	aes = aes_gcm_init_hash_subkey(key, key_len, H);
	if (aes == NULL)
		return -1;

	aes_gcm_prepare_j0(iv, iv_len, H, J0);

	/* P = GCTR_K(inc_32(J_0), C) */
	aes_gcm_gctr(aes, J0, crypt, crypt_len, plain);

	aes_gcm_ghash(H, aad, aad_len, crypt, crypt_len, S);

	/* T' = MSB_t(GCTR_K(J_0, S)) */
	aes_gctr(aes, J0, S, sizeof(S), T);

	aes_encrypt_deinit(aes);

	if (memcmp(tag, T, 16) != 0) {
		aes_printf(MSG_EXCESSIVE, "GCM: Tag mismatch");
		return -1;
	}

	return 0;
}
Exemple #5
0
/**
 * aes_gcm_ae - GCM-AE_K(IV, P, A)
 */
int aes_gcm_ae(const aes_uchar *key, size_t key_len, const aes_uchar *iv, size_t iv_len,
	       const aes_uchar *plain, size_t plain_len,
	       const aes_uchar *aad, size_t aad_len, aes_uchar *crypt, aes_uchar *tag)
{
	aes_uchar H[AES_BLOCK_SIZE];
	aes_uchar J0[AES_BLOCK_SIZE];
	aes_uchar S[16];
	void *aes;

	aes = aes_gcm_init_hash_subkey(key, key_len, H);
	if (aes == NULL)
		return -1;

	aes_gcm_prepare_j0(iv, iv_len, H, J0);

	/* C = GCTR_K(inc_32(J_0), P) */
	aes_gcm_gctr(aes, J0, plain, plain_len, crypt);

	aes_gcm_ghash(H, aad, aad_len, crypt, plain_len, S);

	/* T = MSB_t(GCTR_K(J_0, S)) */
	aes_gctr(aes, J0, S, sizeof(S), tag);

	/* Return (C, T) */

	aes_encrypt_deinit(aes);

	return 0;
}
struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
					  const u8 *iv, const u8 *key,
					  size_t key_len)
{
	struct crypto_cipher *ctx;

	ctx = os_zalloc(sizeof(*ctx));
	if (ctx == NULL)
		return NULL;

	ctx->alg = alg;

	switch (alg) {
	case CRYPTO_CIPHER_ALG_RC4:
		if (key_len > sizeof(ctx->u.rc4.key)) {
			os_free(ctx);
			return NULL;
		}
		ctx->u.rc4.keylen = key_len;
		os_memcpy(ctx->u.rc4.key, key, key_len);
		break;
	case CRYPTO_CIPHER_ALG_AES:
		ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
		if (ctx->u.aes.ctx_enc == NULL) {
			os_free(ctx);
			return NULL;
		}
		ctx->u.aes.ctx_dec = aes_decrypt_init(key, key_len);
		if (ctx->u.aes.ctx_dec == NULL) {
			aes_encrypt_deinit(ctx->u.aes.ctx_enc);
			os_free(ctx);
			return NULL;
		}
		os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
		break;
	case CRYPTO_CIPHER_ALG_3DES:
		if (key_len != 24) {
			os_free(ctx);
			return NULL;
		}
		des3_key_setup(key, &ctx->u.des3.key);
		os_memcpy(ctx->u.des3.cbc, iv, 8);
		break;
	case CRYPTO_CIPHER_ALG_DES:
		if (key_len != 8) {
			os_free(ctx);
			return NULL;
		}
		des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk);
		os_memcpy(ctx->u.des.cbc, iv, 8);
		break;
	default:
		os_free(ctx);
		return NULL;
	}

	return ctx;
}
/**
 * aes_128_encrypt_block - Perform one AES 128-bit block operation
 * @key: Key for AES
 * @in: Input data (16 bytes)
 * @out: Output of the AES block operation (16 bytes)
 * Returns: 0 on success, -1 on failure
 */
int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out) {
    void *ctx;
    ctx = aes_encrypt_init(key, 16);
    if (ctx == NULL)
        return -1;
    aes_encrypt(ctx, in, out);
    aes_encrypt_deinit(ctx);
    return 0;
}
Exemple #8
0
/**
 * aes_wrap - Wrap keys with AES Key Wrap Algorithm (RFC3394)
 * @kek: Key encryption key (KEK)
 * @kek_len: Length of KEK in octets
 * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
 * bytes
 * @plain: Plaintext key to be wrapped, n * 64 bits
 * @cipher: Wrapped key, (n + 1) * 64 bits
 * Returns: 0 on success, -1 on failure
 */
int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
{
	u8 *a, *r, b[AES_BLOCK_SIZE];
	int i, j;
	void *ctx;
	unsigned int t;

	a = cipher;
	r = cipher + 8;

	/* 1) Initialize variables. */
	os_memset(a, 0xa6, 8);
	os_memcpy(r, plain, 8 * n);

	ctx = aes_encrypt_init(kek, kek_len);
	if (ctx == NULL) {
		return -1;
	}

	/* 2) Calculate intermediate values.
	 * For j = 0 to 5
	 *     For i=1 to n
	 *         B = AES(K, A | R[i])
	 *         A = MSB(64, B) ^ t where t = (n*j)+i
	 *         R[i] = LSB(64, B)
	 */
	for (j = 0; j <= 5; j++) {
		r = cipher + 8;
		for (i = 1; i <= n; i++) {
			os_memcpy(b, a, 8);
			os_memcpy(b + 8, r, 8);
			aes_encrypt(ctx, b, b);
			os_memcpy(a, b, 8);
			t = n * j + i;
			a[7] ^= t;
			a[6] ^= t >> 8;
			a[5] ^= t >> 16;
			a[4] ^= t >> 24;
			os_memcpy(r, b + 8, 8);
			r += 8;
		}
	}
	aes_encrypt_deinit(ctx);

	/* 3) Output the results.
	 *
	 * These are already in @cipher due to the location of temporary
	 * variables.
	 */

	return 0;
}
Exemple #9
0
void crypto_cipher_deinit(struct crypto_cipher *ctx)
{
    switch (ctx->alg) {
    case CRYPTO_CIPHER_ALG_AES:
        aes_encrypt_deinit(ctx->u.aes.ctx_enc);
        aes_decrypt_deinit(ctx->u.aes.ctx_dec);
        break;
    case CRYPTO_CIPHER_ALG_3DES:
        break;
    default:
        break;
    }
    os_free(ctx);
}
Exemple #10
0
/**
 * aes_128_cbc_encrypt - AES-128 CBC encryption
 * @key: Encryption key
 * @iv: Encryption IV for CBC mode (16 bytes)
 * @data: Data to encrypt in-place
 * @data_len: Length of data in bytes (must be divisible by 16)
 * Returns: 0 on success, -1 on failure
 */
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
	void *ctx;
	u8 cbc[AES_BLOCK_SIZE];
	u8 *pos = data;
	int i, j, blocks;

	ctx = aes_encrypt_init(key, 16);
	if (ctx == NULL)
		return -1;
	os_memcpy(cbc, iv, AES_BLOCK_SIZE);

	blocks = data_len / AES_BLOCK_SIZE;
	for (i = 0; i < blocks; i++) {
		for (j = 0; j < AES_BLOCK_SIZE; j++)
			cbc[j] ^= pos[j];
		aes_encrypt(ctx, cbc, cbc);
		os_memcpy(pos, cbc, AES_BLOCK_SIZE);
		pos += AES_BLOCK_SIZE;
	}
	aes_encrypt_deinit(ctx);
	return 0;
}
Exemple #11
0
/**
 * aes_gcm_ad - GCM-AD_K(IV, C, A, T)
 */
int aes_gcm_ad(
		   void *aes, // DHD20150614
		   const u8 *key, size_t key_len, const u8 *iv, size_t iv_len,
	       const u8 *crypt, size_t crypt_len,
	       const u8 *aad, size_t aad_len, const u8 *tag, u8 *plain)
{
	u8 H[AES_BLOCK_SIZE];
	u8 J0[AES_BLOCK_SIZE];
	u8 S[16], T[16];
//	void *aes;

//	aes =
	aes_gcm_init_hash_subkey(
			aes, // DHD20150614
			key, key_len, H);
//	if (aes == NULL)
//		return -1;

	aes_gcm_prepare_j0(iv, iv_len, H, J0);

	/* P = GCTR_K(inc_32(J_0), C) */
	aes_gcm_gctr(aes, J0, crypt, crypt_len, plain);

	aes_gcm_ghash(H, aad, aad_len, crypt, crypt_len, S);

	/* T' = MSB_t(GCTR_K(J_0, S)) */
	aes_gctr(aes, J0, S, sizeof(S), T);

	aes_encrypt_deinit(aes);

	if (os_memcmp_const(tag, T, 16) != 0) {
		/* printf("GCM: Tag mismatch\n"); */
		return -1;
	}

	return 0;
}
Exemple #12
0
void aes_decrypt_deinit(void *ctx)
{
	aes_encrypt_deinit(ctx);
}
Exemple #13
0
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
		  const u8 *data, size_t data_len, size_t *decrypted_len)
{
	u8 aad[2 + 30], nonce[13];
	size_t aad_len;
	u8 b[AES_BLOCK_SIZE], x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
	void *aes;
	const u8 *m, *mpos, *mic;
	size_t mlen, last;
	int i;
	u8 *plain, *ppos;
	u8 t[8];

	if (data_len < 8 + 8)
		return NULL;

	plain = os_malloc(data_len + AES_BLOCK_SIZE);
	if (plain == NULL)
		return NULL;

	aes = aes_encrypt_init(tk, 16);
	if (aes == NULL) {
		os_free(plain);
		return NULL;
	}

	m = data + 8;
	mlen = data_len - 8 - 8;
	last = mlen % AES_BLOCK_SIZE;

	os_memset(aad, 0, sizeof(aad));
	ccmp_aad_nonce(hdr, data, &aad[2], &aad_len, nonce);
	WPA_PUT_BE16(aad, aad_len);
	wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", &aad[2], aad_len);
	wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);

	/* CCM: M=8 L=2, Adata=1, M' = (M-2)/2 = 3, L' = L-1 = 1 */

	/* A_i = Flags | Nonce N | Counter i */
	a[0] = 0x01; /* Flags = L' */
	os_memcpy(&a[1], nonce, 13);

	/* Decryption */

	mic = data + data_len - 8;
	wpa_hexdump(MSG_EXCESSIVE, "CCMP U", mic, 8);
	/* U = T XOR S_0; S_0 = E(K, A_0) */
	WPA_PUT_BE16(&a[14], 0);
	aes_encrypt(aes, a, x);
	for (i = 0; i < 8; i++)
		t[i] = mic[i] ^ x[i];
	wpa_hexdump(MSG_EXCESSIVE, "CCMP T", t, 8);

	/* plaintext = msg XOR (S_1 | S_2 | ... | S_n) */
	ppos = plain;
	mpos = m;
	for (i = 1; i <= mlen / AES_BLOCK_SIZE; i++) {
		WPA_PUT_BE16(&a[14], i);
		/* S_i = E(K, A_i) */
		aes_encrypt(aes, a, ppos);
		xor_aes_block(ppos, mpos);
		ppos += AES_BLOCK_SIZE;
		mpos += AES_BLOCK_SIZE;
	}
	if (last) {
		WPA_PUT_BE16(&a[14], i);
		aes_encrypt(aes, a, ppos);
		/* XOR zero-padded last block */
		for (i = 0; i < last; i++)
			*ppos++ ^= *mpos++;
	}
	wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen);

	/* Authentication */
	/* B_0: Flags | Nonce N | l(m) */
	b[0] = 0x40 /* Adata */ | (3 /* M' */ << 3) | 1 /* L' */;
	os_memcpy(&b[1], nonce, 13);
	WPA_PUT_BE16(&b[14], mlen);

	wpa_hexdump(MSG_EXCESSIVE, "CCMP B_0", b, AES_BLOCK_SIZE);
	aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */

	wpa_hexdump(MSG_EXCESSIVE, "CCMP B_1", aad, AES_BLOCK_SIZE);
	xor_aes_block(aad, x);
	aes_encrypt(aes, aad, x); /* X_2 = E(K, X_1 XOR B_1) */

	wpa_hexdump(MSG_EXCESSIVE, "CCMP B_2", &aad[AES_BLOCK_SIZE],
		    AES_BLOCK_SIZE);
	xor_aes_block(&aad[AES_BLOCK_SIZE], x);
	aes_encrypt(aes, &aad[AES_BLOCK_SIZE], x); /* X_3 = E(K, X_2 XOR B_2)
						    */

	ppos = plain;
	for (i = 0; i < mlen / AES_BLOCK_SIZE; i++) {
		/* X_i+1 = E(K, X_i XOR B_i) */
		xor_aes_block(x, ppos);
		ppos += AES_BLOCK_SIZE;
		aes_encrypt(aes, x, x);
	}
	if (last) {
		/* XOR zero-padded last block */
		for (i = 0; i < last; i++)
			x[i] ^= *ppos++;
		aes_encrypt(aes, x, x);
	}

	aes_encrypt_deinit(aes);

	if (os_memcmp(x, t, 8) != 0) {
		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
		wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR
			   " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
			   MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
			   MAC2STR(hdr->addr3),
			   WLAN_GET_SEQ_SEQ(seq_ctrl),
			   WLAN_GET_SEQ_FRAG(seq_ctrl));
		wpa_hexdump(MSG_DEBUG, "CCMP decrypted", plain, mlen);
		os_free(plain);
		return NULL;
	}

	*decrypted_len = mlen;
	return plain;
}
Exemple #14
0
u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
		  u8 *pn, int keyid, size_t *encrypted_len)
{
	u8 aad[2 + 30], nonce[13];
	size_t aad_len;
	u8 b[AES_BLOCK_SIZE], x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
	void *aes;
	u8 *crypt, *pos, *ppos, *mpos;
	size_t plen, last;
	struct ieee80211_hdr *hdr;
	int i;

	if (len < hdrlen || hdrlen < 24)
		return NULL;
	plen = len - hdrlen;
	last = plen % AES_BLOCK_SIZE;

	crypt = os_malloc(hdrlen + 8 + plen + 8 + AES_BLOCK_SIZE);
	if (crypt == NULL)
		return NULL;

	os_memcpy(crypt, frame, hdrlen);
	hdr = (struct ieee80211_hdr *) crypt;
	hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
	pos = crypt + hdrlen;
	*pos++ = pn[5]; /* PN0 */
	*pos++ = pn[4]; /* PN1 */
	*pos++ = 0x00; /* Rsvd */
	*pos++ = 0x20 | (keyid << 6);
	*pos++ = pn[3]; /* PN2 */
	*pos++ = pn[2]; /* PN3 */
	*pos++ = pn[1]; /* PN4 */
	*pos++ = pn[0]; /* PN5 */

	aes = aes_encrypt_init(tk, 16);
	if (aes == NULL) {
		os_free(crypt);
		return NULL;
	}

	os_memset(aad, 0, sizeof(aad));
	ccmp_aad_nonce(hdr, crypt + hdrlen, &aad[2], &aad_len, nonce);
	WPA_PUT_BE16(aad, aad_len);
	wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", &aad[2], aad_len);
	wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);

	/* Authentication */
	/* B_0: Flags | Nonce N | l(m) */
	b[0] = 0x40 /* Adata */ | (3 /* M' */ << 3) | 1 /* L' */;
	os_memcpy(&b[1], nonce, 13);
	WPA_PUT_BE16(&b[14], plen);

	wpa_hexdump(MSG_EXCESSIVE, "CCMP B_0", b, AES_BLOCK_SIZE);
	aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */

	wpa_hexdump(MSG_EXCESSIVE, "CCMP B_1", aad, AES_BLOCK_SIZE);
	xor_aes_block(aad, x);
	aes_encrypt(aes, aad, x); /* X_2 = E(K, X_1 XOR B_1) */

	wpa_hexdump(MSG_EXCESSIVE, "CCMP B_2", &aad[AES_BLOCK_SIZE],
		    AES_BLOCK_SIZE);
	xor_aes_block(&aad[AES_BLOCK_SIZE], x);
	aes_encrypt(aes, &aad[AES_BLOCK_SIZE], x); /* X_3 = E(K, X_2 XOR B_2)
						    */

	ppos = frame + hdrlen;
	for (i = 0; i < plen / AES_BLOCK_SIZE; i++) {
		/* X_i+1 = E(K, X_i XOR B_i) */
		xor_aes_block(x, ppos);
		ppos += AES_BLOCK_SIZE;
		aes_encrypt(aes, x, x);
	}
	if (last) {
		/* XOR zero-padded last block */
		for (i = 0; i < last; i++)
			x[i] ^= *ppos++;
		aes_encrypt(aes, x, x);
	}

	/* Encryption */

	/* CCM: M=8 L=2, Adata=1, M' = (M-2)/2 = 3, L' = L-1 = 1 */

	/* A_i = Flags | Nonce N | Counter i */
	a[0] = 0x01; /* Flags = L' */
	os_memcpy(&a[1], nonce, 13);

	ppos = crypt + hdrlen + 8;

	/* crypt = msg XOR (S_1 | S_2 | ... | S_n) */
	mpos = frame + hdrlen;
	for (i = 1; i <= plen / AES_BLOCK_SIZE; i++) {
		WPA_PUT_BE16(&a[14], i);
		/* S_i = E(K, A_i) */
		aes_encrypt(aes, a, ppos);
		xor_aes_block(ppos, mpos);
		ppos += AES_BLOCK_SIZE;
		mpos += AES_BLOCK_SIZE;
	}
	if (last) {
		WPA_PUT_BE16(&a[14], i);
		aes_encrypt(aes, a, ppos);
		/* XOR zero-padded last block */
		for (i = 0; i < last; i++)
			*ppos++ ^= *mpos++;
	}

	wpa_hexdump(MSG_EXCESSIVE, "CCMP T", x, 8);
	/* U = T XOR S_0; S_0 = E(K, A_0) */
	WPA_PUT_BE16(&a[14], 0);
	aes_encrypt(aes, a, b);
	for (i = 0; i < 8; i++)
		ppos[i] = x[i] ^ b[i];
	wpa_hexdump(MSG_EXCESSIVE, "CCMP U", ppos, 8);

	wpa_hexdump(MSG_EXCESSIVE, "CCMP encrypted", crypt + hdrlen + 8, plen);

	aes_encrypt_deinit(aes);

	*encrypted_len = hdrlen + 8 + plen + 8;

	return crypt;
}