/** * fast_aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) * @kek: 16-octet Key encryption key (KEK) * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16 * bytes * @plain: Plaintext key to be wrapped, n * 64 bits * @cipher: Wrapped key, (n + 1) * 64 bits * Returns: 0 on success, -1 on failure */ int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher) { uint8_t *a, *r, b[16]; int32_t i, j; int32_t ret = 0; mbedtls_aes_context ctx; a = cipher; r = cipher + 8; /* 1) Initialize variables. */ os_memset(a, 0xa6, 8); os_memcpy(r, plain, 8 * n); mbedtls_aes_init(&ctx); ret = mbedtls_aes_setkey_enc(&ctx, kek, 128); if (ret < 0) { mbedtls_aes_free(&ctx); return ret; } /* 2) Calculate intermediate values. * For j = 0 to 5 * For i=1 to n * B = AES(K, A | R[i]) * A = MSB(64, B) ^ t where t = (n*j)+i * R[i] = LSB(64, B) */ for (j = 0; j <= 5; j++) { r = cipher + 8; for (i = 1; i <= n; i++) { os_memcpy(b, a, 8); os_memcpy(b + 8, r, 8); mbedtls_aes_encrypt(&ctx, b, b); os_memcpy(a, b, 8); a[7] ^= n * j + i; os_memcpy(r, b + 8, 8); r += 8; } } mbedtls_aes_free(&ctx); /* 3) Output the results. * * These are already in @cipher due to the location of temporary * variables. */ return 0; }
int AESContext::encrypt(State & state, mbedtls_aes_context * context){ Stack * stack = state.stack; if (stack->is<LUA_TSTRING>(1)){ std::string input = stack->toLString(1); if (input.length() == 16){ unsigned char output[16]; mbedtls_aes_encrypt(context, reinterpret_cast<const unsigned char *>(input.c_str()), output); stack->pushLString(std::string(reinterpret_cast<char*>(output), 16)); return 1; } else{ stack->push<bool>(false); return 1; } } return 0; }
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ) { /* allow multi-instance of CRYP use: restore context for CRYP hw module */ ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; if(mode == MBEDTLS_AES_DECRYPT) { /* AES decryption */ ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; ctx->hcryp_aes.Init.pKey = ctx->aes_key; mbedtls_aes_decrypt( ctx, input, output ); } else { /* AES encryption */ ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; ctx->hcryp_aes.Init.pKey = ctx->aes_key; mbedtls_aes_encrypt( ctx, input, output ); } /* allow multi-instance of CRYP use: save context for CRYP HW module CR */ ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; return( 0 ); }
int fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, const uint8_t *plain, uint8_t *crypt, size_t len) { size_t i, j, blocks; struct fast_crypto_cipher *fast_ctx; fast_ctx = (struct fast_crypto_cipher *)ctx; switch (fast_ctx->alg) { case CRYPTO_CIPHER_ALG_RC4: if (plain != crypt) { os_memcpy(crypt, plain, len); } rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen, fast_ctx->u.rc4.used_bytes, crypt, len); fast_ctx->u.rc4.used_bytes += len; break; case CRYPTO_CIPHER_ALG_AES: if (len % AES_BLOCK_SIZE) { return -1; } blocks = len / AES_BLOCK_SIZE; for (i = 0; i < blocks; i++) { for (j = 0; j < AES_BLOCK_SIZE; j++) fast_ctx->u.aes.cbc[j] ^= plain[j]; mbedtls_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc); os_memcpy(crypt, fast_ctx->u.aes.cbc, AES_BLOCK_SIZE); plain += AES_BLOCK_SIZE; crypt += AES_BLOCK_SIZE; } break; #ifdef CONFIG_DES3 case CRYPTO_CIPHER_ALG_3DES: if (len % 8) { return -1; } blocks = len / 8; for (i = 0; i < blocks; i++) { for (j = 0; j < 8; j++) fast_ctx->u.des3.cbc[j] ^= plain[j]; des3_encrypt(fast_ctx->u.des3.cbc, &fast_ctx->u.des3.key, fast_ctx->u.des3.cbc); os_memcpy(crypt, fast_ctx->u.des3.cbc, 8); plain += 8; crypt += 8; } break; #endif #ifdef CONFIG_DES case CRYPTO_CIPHER_ALG_DES: if (len % 8) { return -1; } blocks = len / 8; for (i = 0; i < blocks; i++) { for (j = 0; j < 8; j++) fast_ctx->u.des3.cbc[j] ^= plain[j]; des_block_encrypt(fast_ctx->u.des.cbc, fast_ctx->u.des.ek, fast_ctx->u.des.cbc); os_memcpy(crypt, fast_ctx->u.des.cbc, 8); plain += 8; crypt += 8; } break; #endif default: return -1; } return 0; }