void aes_set_key(rijndaelCtx *ctx, const uint8_t *key, unsigned keybits, int enc) { uint32_t *k; k = (uint32_t *)key; rijndael_set_key(ctx, k, keybits, enc); }
int aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len) { struct aes_xts_ctx *ctx; if (len != 32 && len != 64) return -1; *sched = kmalloc(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA, M_WAITOK | M_ZERO); ctx = (struct aes_xts_ctx *)*sched; rijndael_set_key(&ctx->key1, key, len * 4); rijndael_set_key(&ctx->key2, key + (len / 2), len * 4); return 0; }
INT AirPDcapCcmpDecrypt( UINT8 *m, gint mac_header_len, INT len, UCHAR TK1[16]) { PAIRPDCAP_MAC_FRAME wh; UINT8 aad[2 * AES_BLOCK_LEN]; UINT8 b0[AES_BLOCK_LEN], b[AES_BLOCK_LEN], a[AES_BLOCK_LEN]; UINT8 mic[AES_BLOCK_LEN]; size_t data_len; UINT i; UINT8 *pos; UINT space; INT z = mac_header_len; rijndael_ctx key; UINT64 PN; UINT8 *ivp=m+z; PN = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]); /* freebsd */ rijndael_set_key(&key, TK1, 128); wh = (PAIRPDCAP_MAC_FRAME )m; data_len = len - (z + AIRPDCAP_CCMP_HEADER+AIRPDCAP_CCMP_TRAILER); if (data_len < 1) return 0; ccmp_init_blocks(&key, wh, PN, data_len, b0, aad, a, b); memcpy(mic, m+len-AIRPDCAP_CCMP_TRAILER, AIRPDCAP_CCMP_TRAILER); XOR_BLOCK(mic, b, AIRPDCAP_CCMP_TRAILER); i = 1; pos = (UINT8 *)m + z + AIRPDCAP_CCMP_HEADER; space = len - (z + AIRPDCAP_CCMP_HEADER); if (space > data_len) space = (UINT)data_len; while (space >= AES_BLOCK_LEN) { CCMP_DECRYPT(i, b, b0, pos, a, AES_BLOCK_LEN); pos += AES_BLOCK_LEN, space -= AES_BLOCK_LEN; data_len -= AES_BLOCK_LEN; i++; } if (space != 0) /* short last block */ CCMP_DECRYPT(i, b, b0, pos, a, space); /* MIC Key ?= MIC */ if (memcmp(mic, a, AIRPDCAP_CCMP_TRAILER) == 0) { return 0; } /* TODO replay check (IEEE 802.11i-2004, pg. 62) */ /* TODO PN must be incremental (IEEE 802.11i-2004, pg. 62) */ return 1; }
static int aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len) { struct aes_xts_ctx *ctx; if (len != 32 && len != 64) return EINVAL; *sched = KMALLOC(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA, M_NOWAIT | M_ZERO); if (*sched == NULL) return ENOMEM; ctx = (struct aes_xts_ctx *)*sched; rijndael_set_key(&ctx->key1, key, len * 4); rijndael_set_key(&ctx->key2, key + (len / 2), len * 4); return 0; }
static int rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) { if (len != 16 && len != 24 && len != 32) return EINVAL; *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched == NULL) return ENOMEM; rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); return 0; }
/* Based on RFC 3394 and NIST AES Key Wrap Specification pseudo-code. This function is used to unwrap an encrypted AES key. One example of its use is in the WPA-2 protocol to get the group key. */ UCHAR * AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len) { UCHAR *output; UCHAR a[8], b[16]; UCHAR *r; gint16 i, j, n; rijndael_ctx ctx; if (kek == NULL || cipher_len < 16 || cipher_text == NULL) { return NULL; /* "should not happen" */ } /* Allocate buffer for the unwrapped key */ output = (guint8 *)wmem_alloc(wmem_packet_scope(), cipher_len); /* Initialize variables */ n = (cipher_len/8)-1; /* the algorithm works on 64-bits at a time */ memcpy(a, cipher_text, 8); r = output; memcpy(r, cipher_text+8, cipher_len - 8); /* Compute intermediate values */ for (j=5; j >= 0; --j) { r = output + (n - 1) * 8; /* DEBUG_DUMP("r1", (r-8), 8); */ /* DEBUG_DUMP("r2", r, 8); */ for (i = n; i >= 1; --i) { UINT16 t = (n*j) + i; /* DEBUG_DUMP("a", a, 8); */ memcpy(b, a, 8); b[7] ^= t; /* DEBUG_DUMP("a plus t", b, 8); */ memcpy(b+8, r, 8); rijndael_set_key(&ctx, kek, key_len*8 /*bits*/); rijndael_decrypt(&ctx, b, b); /* NOTE: we are using the same src and dst buffer. It's ok. */ /* DEBUG_DUMP("aes decrypt", b, 16) */ memcpy(a,b,8); memcpy(r, b+8, 8); r -= 8; } } /* DEBUG_DUMP("a", a, 8); */ /* DEBUG_DUMP("output", output, cipher_len - 8); */ return output; }
/* Based on RFC 3394 and NIST AES Key Wrap Specification pseudo-code. This function is used to unwrap an encrypted AES key. One example of its use is in the WPA-2 protocol to get the group key. */ UCHAR AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UCHAR *output) { UCHAR a[8], b[16]; UCHAR *r; UCHAR *c; gint16 i, j, n; rijndael_ctx ctx; if (! kek || cipher_len < 16 || ! cipher_text || ! output) { return 1; /* We don't do anything with the return value */ } /* Initialize variables */ n = (cipher_len/8)-1; /* the algorithm works on 64-bits at a time */ memcpy(a, cipher_text, 8); r = output; c = cipher_text; memcpy(r, c+8, cipher_len - 8); /* Compute intermediate values */ for (j=5; j >= 0; --j){ r = output + (n - 1) * 8; /* DEBUG_DUMP("r1", (r-8), 8); */ /* DEBUG_DUMP("r2", r, 8); */ for (i = n; i >= 1; --i){ UINT16 t = (n*j) + i; /* DEBUG_DUMP("a", a, 8); */ memcpy(b, a, 8); b[7] ^= t; /* DEBUG_DUMP("a plus t", b, 8); */ memcpy(b+8, r, 8); rijndael_set_key(&ctx, kek, key_len*8 /*bits*/); rijndael_decrypt(&ctx, b, b); /* NOTE: we are using the same src and dst buffer. It's ok. */ /* DEBUG_DUMP("aes decrypt", b, 16) */ memcpy(a,b,8); memcpy(r, b+8, 8); r -= 8; } } /* DEBUG_DUMP("a", a, 8); */ /* DEBUG_DUMP("output", output, cipher_len - 8); */ return 0; }
static int docrypt(const unsigned char *key, size_t klen, const unsigned char *in, unsigned char *out, size_t len, int do_encrypt) { rijndael_ctx ctx; int error = 0; memset(&ctx, 0, sizeof(ctx)); error = rijndael_set_key(&ctx, key, klen * 8); if (error) return -1; if (do_encrypt) rijndael_encrypt(&ctx, in, out); else rijndael_decrypt(&ctx, in, out); return 0; }
static int rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) { int err; if (len != 16 && len != 24 && len != 32) return (EINVAL); *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, len * 8); err = 0; } else err = ENOMEM; return err; }
static int ccmp_setkey(struct ieee80211_key *k) { struct ccmp_ctx *ctx = k->wk_private; if (k->wk_keylen != (128/NBBY)) { IEEE80211_DPRINTF(ctx->cc_vap, IEEE80211_MSG_CRYPTO, "%s: Invalid key length %u, expecting %u\n", __func__, k->wk_keylen, 128/NBBY); return 0; } /* Always set up the software key structure. * If encrypted frame is received even when not using encryption, * software crypto may kick in. */ rijndael_set_key(&ctx->cc_aes, k->wk_key, k->wk_keylen*NBBY); return 1; }
static int ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) { struct ssh_rijndael_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { c = xmalloc(sizeof(*c)); EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key != NULL) { if (enc == -1) enc = ctx->encrypt; rijndael_set_key(&c->r_ctx, (u_char *)key, 8*EVP_CIPHER_CTX_key_length(ctx), enc); } if (iv != NULL) memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE); return (1); }
static int pefs_aesni_keysetup(const struct pefs_session *xses, struct pefs_ctx *xctx, const uint8_t *key, uint32_t keybits) { const struct pefs_aesni_ses *ses = &xses->o.ps_aesni; struct pefs_aesni_ctx *ctx = &xctx->o.pctx_aesni; struct fpu_kern_ctx *tmpctx = NULL; switch (keybits) { case 128: ctx->rounds = AES128_ROUNDS; break; case 192: ctx->rounds = AES192_ROUNDS; break; case 256: ctx->rounds = AES256_ROUNDS; break; default: printf("pefs: AESNI: invalid key length: %d", keybits); return (EINVAL); } if (ses->fpu_saved < 0) { tmpctx = fpu_kern_alloc_ctx(FPU_KERN_NORMAL); if (tmpctx == NULL) return (ENOMEM); fpu_kern_enter(curthread, tmpctx, FPU_KERN_NORMAL); } aesni_set_enckey(key, ctx->enc_schedule, ctx->rounds); aesni_set_deckey(ctx->enc_schedule, ctx->dec_schedule, ctx->rounds); rijndael_set_key(&ctx->sw, key, keybits); if (tmpctx != NULL) { fpu_kern_leave(curthread, tmpctx); fpu_kern_free_ctx(tmpctx); } return (0); }
int ns_decrypt(u_char *key, u_char *src, u_char *dst, size_t length, size_t key_length) { if(key_length != 16) { ns_log_warning("rijndael key_length != 16 which will likely lead to an Bus error or " "segmentation fault!"); } if(length % NS_BLOCK_SIZE != 0) { ns_log_warning("The length of the src must be a multiple of NS_BLOCK_SIZE " "(which is %d) but is %d.", NS_BLOCK_SIZE, length); } rijndael_ctx ctx; rijndael_set_key(&ctx, key, 8 * key_length); int j; // Decrypt blockwise from src to dst. for(j = 0; j < length; j += NS_BLOCK_SIZE) { rijndael_decrypt(&ctx, &(src[j]), &(dst[j])); } return 0; }
static void ciph_init(CIPH_CTX * ctx, const uint8 *key, int klen) { rijndael_set_key(ctx, (const uint32 *) key, klen, 1); }
void aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len) { rijndael_set_key(&ctx->ctx, K, K_len * NBBY); }
static void ciph_init(ciphCtx *ctx, const uint8_t *key, int klen) { rijndael_set_key(ctx, (const uint32_t *)key, klen, 1); }
int geliboot_crypt(u_int algo, int enc, u_char *data, size_t datasize, const u_char *key, size_t keysize, u_char *iv) { keyInstance aeskey; cipherInstance cipher; struct aes_xts_ctx xtsctx, *ctxp; size_t xts_len; int err, blks, i; switch (algo) { case CRYPTO_AES_CBC: err = rijndael_makeKey(&aeskey, !enc, keysize, (const char *)key); if (err < 0) { printf("Failed to setup decryption keys: %d\n", err); return (err); } err = rijndael_cipherInit(&cipher, MODE_CBC, iv); if (err < 0) { printf("Failed to setup IV: %d\n", err); return (err); } switch (enc) { case 0: /* decrypt */ blks = rijndael_blockDecrypt(&cipher, &aeskey, data, datasize * 8, data); break; case 1: /* encrypt */ blks = rijndael_blockEncrypt(&cipher, &aeskey, data, datasize * 8, data); break; } if (datasize != (blks / 8)) { printf("Failed to decrypt the entire input: " "%u != %u\n", blks, datasize); return (1); } break; case CRYPTO_AES_XTS: xts_len = keysize << 1; ctxp = &xtsctx; rijndael_set_key(&ctxp->key1, key, xts_len / 2); rijndael_set_key(&ctxp->key2, key + (xts_len / 16), xts_len / 2); enc_xform_aes_xts.reinit(ctxp, iv); switch (enc) { case 0: /* decrypt */ for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) { enc_xform_aes_xts.decrypt(ctxp, data + i); } break; case 1: /* encrypt */ for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) { enc_xform_aes_xts.encrypt(ctxp, data + i); } break; } break; default: printf("Unsupported crypto algorithm #%d\n", algo); return (1); } return (0); }