int
yacl_aes128gcm_encrypt(const uint8_t *plaintext, size_t plaintext_len,
const uint8_t *aad, size_t aad_len,
const uint8_t *key, size_t key_len,
const uint8_t *nonce, size_t nonce_len,
uint8_t *tag, size_t tag_len,
uint8_t *ciphertext, size_t c_len)
{
if (crypto_aead_aes256gcm_NPUBBYTES != nonce_len)
return -1;
if (plaintext_len != c_len)
return -2;
if (crypto_aead_aes128gcm_KEYBYTES != key_len)
return -3;
if (crypto_aead_aes256gcm_ABYTES != tag_len)
return -4;
return aes_gcm_ae(key, key_len,
nonce, nonce_len,
plaintext, plaintext_len,
aad, aad_len,
ciphertext,
tag);
}
int aes_gmac(
void *aes, // DHD20150614
const u8 *key, size_t key_len, const u8 *iv, size_t iv_len,
const u8 *aad, size_t aad_len, u8 *tag)
{
return aes_gcm_ae(
aes, // DHD20150614
key, key_len, iv, iv_len, NULL, 0, aad, aad_len, NULL,
tag);
}
u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, u8 *frame, size_t len,
size_t hdrlen, u8 *qos,
u8 *pn, int keyid, size_t *encrypted_len)
{
u8 aad[30], nonce[12], *crypt, *pos;
size_t aad_len, plen;
struct ieee80211_hdr *hdr;
if (len < hdrlen || hdrlen < 24)
return NULL;
plen = len - hdrlen;
crypt = os_malloc(hdrlen + 8 + plen + 16 + AES_BLOCK_SIZE);
if (crypt == NULL)
return NULL;
os_memcpy(crypt, frame, hdrlen);
hdr = (struct ieee80211_hdr *) crypt;
hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
pos = crypt + hdrlen;
*pos++ = pn[5]; /* PN0 */
*pos++ = pn[4]; /* PN1 */
*pos++ = 0x00; /* Rsvd */
*pos++ = 0x20 | (keyid << 6);
*pos++ = pn[3]; /* PN2 */
*pos++ = pn[2]; /* PN3 */
*pos++ = pn[1]; /* PN4 */
*pos++ = pn[0]; /* PN5 */
os_memset(aad, 0, sizeof(aad));
gcmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
if (aes_gcm_ae(tk, tk_len, nonce, sizeof(nonce), frame + hdrlen, plen,
aad, aad_len, pos, pos + plen) < 0) {
os_free(crypt);
return NULL;
}
wpa_hexdump(MSG_EXCESSIVE, "GCMP MIC", pos + plen, 16);
wpa_hexdump(MSG_EXCESSIVE, "GCMP encrypted", pos, plen);
*encrypted_len = hdrlen + 8 + plen + 16;
return crypt;
}
int
yacl_aes256gcm_encrypt(const uint8_t *plaintext, size_t plaintext_len,
const uint8_t *aad, size_t aad_len,
const uint8_t *key, size_t key_len,
const uint8_t *nonce, size_t nonce_len,
uint8_t *tag, size_t tag_len,
uint8_t *ciphertext, size_t c_len)
{
if (crypto_aead_aes256gcm_NPUBBYTES != nonce_len)
return -1;
if (plaintext_len != c_len)
return -2;
if (crypto_aead_aes256gcm_KEYBYTES != key_len)
return -3;
if (crypto_aead_aes256gcm_ABYTES != tag_len)
return -4;
#if defined HAVE_LIBSODIUM && defined HAVE_SODIUM_GCM && defined HAVE_SODIUM_GCM_ENCRYPT
if (crypto_aead_aes256gcm_is_available())
{
return crypto_aead_aes256gcm_encrypt_detached(ciphertext,
tag,
NULL,
plaintext,
tag_len,
aad,
aad_len,
NULL,
nonce,
key);
}
#endif
return aes_gcm_ae(key, key_len,
nonce, nonce_len,
plaintext, plaintext_len,
aad, aad_len,
ciphertext,
tag);
}
static int test_gcm(void)
{
int ret = 0;
int i;
u8 k[32], aad[32], iv[64], t[16], tag[16];
u8 p[64], c[64], tmp[64];
size_t k_len, p_len, aad_len, iv_len;
for (i = 0; i < ARRAY_SIZE(gcm_tests); i++) {
const struct gcm_test_vector *tc = &gcm_tests[i];
k_len = os_strlen(tc->k) / 2;
if (hexstr2bin(tc->k, k, k_len)) {
printf("Invalid GCM test vector %d (k)\n", i);
ret++;
continue;
}
p_len = os_strlen(tc->p) / 2;
if (hexstr2bin(tc->p, p, p_len)) {
printf("Invalid GCM test vector %d (p)\n", i);
ret++;
continue;
}
aad_len = os_strlen(tc->aad) / 2;
if (hexstr2bin(tc->aad, aad, aad_len)) {
printf("Invalid GCM test vector %d (aad)\n", i);
ret++;
continue;
}
iv_len = os_strlen(tc->iv) / 2;
if (hexstr2bin(tc->iv, iv, iv_len)) {
printf("Invalid GCM test vector %d (iv)\n", i);
ret++;
continue;
}
if (hexstr2bin(tc->c, c, p_len)) {
printf("Invalid GCM test vector %d (c)\n", i);
ret++;
continue;
}
if (hexstr2bin(tc->t, t, sizeof(t))) {
printf("Invalid GCM test vector %d (t)\n", i);
ret++;
continue;
}
if (aes_gcm_ae(k, k_len, iv, iv_len, p, p_len, aad, aad_len,
tmp, tag) < 0) {
printf("GCM-AE failed (test case %d)\n", i);
ret++;
continue;
}
if (os_memcmp(c, tmp, p_len) != 0) {
printf("GCM-AE mismatch (test case %d)\n", i);
ret++;
}
if (os_memcmp(tag, t, sizeof(tag)) != 0) {
printf("GCM-AE tag mismatch (test case %d)\n", i);
ret++;
}
if (p_len == 0) {
if (aes_gmac(k, k_len, iv, iv_len, aad, aad_len, tag) <
0) {
printf("GMAC failed (test case %d)\n", i);
ret++;
continue;
}
if (os_memcmp(tag, t, sizeof(tag)) != 0) {
printf("GMAC tag mismatch (test case %d)\n", i);
ret++;
}
}
if (aes_gcm_ad(k, k_len, iv, iv_len, c, p_len, aad, aad_len,
t, tmp) < 0) {
printf("GCM-AD failed (test case %d)\n", i);
ret++;
continue;
}
if (os_memcmp(p, tmp, p_len) != 0) {
printf("GCM-AD mismatch (test case %d)\n", i);
ret++;
}
}
return ret;
}
int aes_gmac(const aes_uchar *key, size_t key_len, const aes_uchar *iv, size_t iv_len,
const aes_uchar *aad, size_t aad_len, aes_uchar *tag)
{
return aes_gcm_ae(key, key_len, iv, iv_len, NULL, 0, aad, aad_len, NULL, tag);
}
static int test_gcm(void)
{
int ret = 0;
int i;
u8 k[32], aad[32], iv[64], t[16], tag[16];
u8 p[64], c[64], tmp[64];
size_t k_len, p_len, aad_len, iv_len;
printf ("testing gcm\n");
for (i = 0; i < ARRAY_SIZE(gcm_tests); i++) {
const struct gcm_test_vector *tc = &gcm_tests[i];
k_len = strlen(tc->k) / 2;
if (hexstr2bin(tc->k, k, k_len)) {
printf("Invalid GCM test vector %d (k)\n", i);
ret++;
continue;
}
p_len = strlen(tc->p) / 2;
if (hexstr2bin(tc->p, p, p_len)) {
printf("Invalid GCM test vector %d (p)\n", i);
ret++;
continue;
}
aad_len = strlen(tc->aad) / 2;
if (hexstr2bin(tc->aad, aad, aad_len)) {
printf("Invalid GCM test vector %d (aad)\n", i);
ret++;
continue;
}
iv_len = strlen(tc->iv) / 2;
if (hexstr2bin(tc->iv, iv, iv_len)) {
printf("Invalid GCM test vector %d (iv)\n", i);
ret++;
continue;
}
if (hexstr2bin(tc->c, c, p_len)) {
printf("Invalid GCM test vector %d (c)\n", i);
ret++;
continue;
}
if (hexstr2bin(tc->t, t, sizeof(t))) {
printf("Invalid GCM test vector %d (t)\n", i);
ret++;
continue;
}
if (k_len == 32 && iv_len == 12)
{
printf ("k: %s\n", tc->k);
printf ("iv: %s\n", tc->iv);
printf ("p: %s\n", tc->p);
printf ("aad: %s\n", tc->aad);
}
if (aes_gcm_ae(k, k_len, iv, iv_len, p, p_len, aad, aad_len,
tmp, tag) < 0) {
printf("GCM-AE failed (test case %d)\n", i);
ret++;
continue;
}
else if (k_len == 32 && iv_len == 12)
{
for (int i=0; i< sizeof tmp; i++)
printf ("%02X", tmp[i]);
printf ("\n");
for (int i=0; i< sizeof tag; i++)
printf ("%02X", tag[i]);
printf ("\n");
printf ("k_len: %lu, iv_len: %lu, p_len: %lu, aad_len: %lu\n", k_len, iv_len, p_len, aad_len);
}
if (memcmp(c, tmp, p_len) != 0) {
printf("GCM-AE mismatch (test case %d)\n", i);
ret++;
}
if (memcmp(tag, t, sizeof(tag)) != 0) {
printf("GCM-AE tag mismatch (test case %d)\n", i);
ret++;
}
if (p_len == 0) {
if (aes_gmac(k, k_len, iv, iv_len, aad, aad_len, tag) <
0) {
printf("GMAC failed (test case %d)\n", i);
ret++;
continue;
}
if (memcmp(tag, t, sizeof(tag)) != 0) {
printf("GMAC tag mismatch (test case %d)\n", i);
ret++;
}
}
if (aes_gcm_ad(k, k_len, iv, iv_len, c, p_len, aad, aad_len,
t, tmp) < 0) {
printf("GCM-AD failed (test case %d)\n", i);
ret++;
continue;
}
else
{
printf ("uyup\n");
}
if (memcmp(p, tmp, p_len) != 0) {
printf("GCM-AD mismatch (test case %d)\n", i);
ret++;
}
}
return ret;
}