Extend AES-SIV implementation to support different key lengths
The previous implementation was hardcoded to use 128-bit AES key (AEAD_AES_SIV_CMAC_256). Extend this by allowing AEAD_AES_SIV_CMAC_384 and AEAD_AES_SIV_CMAC_512 with 192-bit and 256-bit AES keys. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
e2991ee580
commit
325a85be36
6 changed files with 80 additions and 36 deletions
|
|
@ -61,26 +61,33 @@ static void pad_block(u8 *pad, const u8 *addr, size_t len)
|
|||
}
|
||||
|
||||
|
||||
static int aes_s2v(const u8 *key, size_t num_elem, const u8 *addr[],
|
||||
size_t *len, u8 *mac)
|
||||
static int aes_s2v(const u8 *key, size_t key_len,
|
||||
size_t num_elem, const u8 *addr[], size_t *len, u8 *mac)
|
||||
{
|
||||
u8 tmp[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
|
||||
u8 *buf = NULL;
|
||||
int ret;
|
||||
size_t i;
|
||||
const u8 *data[1];
|
||||
size_t data_len[1];
|
||||
|
||||
if (!num_elem) {
|
||||
os_memcpy(tmp, zero, sizeof(zero));
|
||||
tmp[AES_BLOCK_SIZE - 1] = 1;
|
||||
return omac1_aes_128(key, tmp, sizeof(tmp), mac);
|
||||
data[0] = tmp;
|
||||
data_len[0] = sizeof(tmp);
|
||||
return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
|
||||
}
|
||||
|
||||
ret = omac1_aes_128(key, zero, sizeof(zero), tmp);
|
||||
data[0] = zero;
|
||||
data_len[0] = sizeof(zero);
|
||||
ret = omac1_aes_vector(key, key_len, 1, data, data_len, tmp);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
for (i = 0; i < num_elem - 1; i++) {
|
||||
ret = omac1_aes_128(key, addr[i], len[i], tmp2);
|
||||
ret = omac1_aes_vector(key, key_len, 1, &addr[i], &len[i],
|
||||
tmp2);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
|
|
@ -94,7 +101,8 @@ static int aes_s2v(const u8 *key, size_t num_elem, const u8 *addr[],
|
|||
|
||||
os_memcpy(buf, addr[i], len[i]);
|
||||
xorend(buf, len[i], tmp, AES_BLOCK_SIZE);
|
||||
ret = omac1_aes_128(key, buf, len[i], mac);
|
||||
data[0] = buf;
|
||||
ret = omac1_aes_vector(key, key_len, 1, data, &len[i], mac);
|
||||
bin_clear_free(buf, len[i]);
|
||||
return ret;
|
||||
}
|
||||
|
|
@ -103,24 +111,32 @@ static int aes_s2v(const u8 *key, size_t num_elem, const u8 *addr[],
|
|||
pad_block(tmp2, addr[i], len[i]);
|
||||
xor(tmp, tmp2);
|
||||
|
||||
return omac1_aes_128(key, tmp, sizeof(tmp), mac);
|
||||
data[0] = tmp;
|
||||
data_len[0] = sizeof(tmp);
|
||||
return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
|
||||
}
|
||||
|
||||
|
||||
int aes_siv_encrypt(const u8 *key, const u8 *pw,
|
||||
size_t pwlen, size_t num_elem,
|
||||
const u8 *addr[], const size_t *len, u8 *out)
|
||||
int aes_siv_encrypt(const u8 *key, size_t key_len,
|
||||
const u8 *pw, size_t pwlen,
|
||||
size_t num_elem, const u8 *addr[], const size_t *len,
|
||||
u8 *out)
|
||||
{
|
||||
const u8 *_addr[6];
|
||||
size_t _len[6];
|
||||
const u8 *k1 = key, *k2 = key + 16;
|
||||
const u8 *k1, *k2;
|
||||
u8 v[AES_BLOCK_SIZE];
|
||||
size_t i;
|
||||
u8 *iv, *crypt_pw;
|
||||
|
||||
if (num_elem > ARRAY_SIZE(_addr) - 1)
|
||||
if (num_elem > ARRAY_SIZE(_addr) - 1 ||
|
||||
(key_len != 32 && key_len != 48 && key_len != 64))
|
||||
return -1;
|
||||
|
||||
key_len /= 2;
|
||||
k1 = key;
|
||||
k2 = key + key_len;
|
||||
|
||||
for (i = 0; i < num_elem; i++) {
|
||||
_addr[i] = addr[i];
|
||||
_len[i] = len[i];
|
||||
|
|
@ -128,7 +144,7 @@ int aes_siv_encrypt(const u8 *key, const u8 *pw,
|
|||
_addr[num_elem] = pw;
|
||||
_len[num_elem] = pwlen;
|
||||
|
||||
if (aes_s2v(k1, num_elem + 1, _addr, _len, v))
|
||||
if (aes_s2v(k1, key_len, num_elem + 1, _addr, _len, v))
|
||||
return -1;
|
||||
|
||||
iv = out;
|
||||
|
|
@ -140,26 +156,31 @@ int aes_siv_encrypt(const u8 *key, const u8 *pw,
|
|||
/* zero out 63rd and 31st bits of ctr (from right) */
|
||||
v[8] &= 0x7f;
|
||||
v[12] &= 0x7f;
|
||||
return aes_128_ctr_encrypt(k2, v, crypt_pw, pwlen);
|
||||
return aes_ctr_encrypt(k2, key_len, v, crypt_pw, pwlen);
|
||||
}
|
||||
|
||||
|
||||
int aes_siv_decrypt(const u8 *key, const u8 *iv_crypt, size_t iv_c_len,
|
||||
int aes_siv_decrypt(const u8 *key, size_t key_len,
|
||||
const u8 *iv_crypt, size_t iv_c_len,
|
||||
size_t num_elem, const u8 *addr[], const size_t *len,
|
||||
u8 *out)
|
||||
{
|
||||
const u8 *_addr[6];
|
||||
size_t _len[6];
|
||||
const u8 *k1 = key, *k2 = key + 16;
|
||||
const u8 *k1, *k2;
|
||||
size_t crypt_len;
|
||||
size_t i;
|
||||
int ret;
|
||||
u8 iv[AES_BLOCK_SIZE];
|
||||
u8 check[AES_BLOCK_SIZE];
|
||||
|
||||
if (iv_c_len < AES_BLOCK_SIZE || num_elem > ARRAY_SIZE(_addr) - 1)
|
||||
if (iv_c_len < AES_BLOCK_SIZE || num_elem > ARRAY_SIZE(_addr) - 1 ||
|
||||
(key_len != 32 && key_len != 48 && key_len != 64))
|
||||
return -1;
|
||||
crypt_len = iv_c_len - AES_BLOCK_SIZE;
|
||||
key_len /= 2;
|
||||
k1 = key;
|
||||
k2 = key + key_len;
|
||||
|
||||
for (i = 0; i < num_elem; i++) {
|
||||
_addr[i] = addr[i];
|
||||
|
|
@ -174,11 +195,11 @@ int aes_siv_decrypt(const u8 *key, const u8 *iv_crypt, size_t iv_c_len,
|
|||
iv[8] &= 0x7f;
|
||||
iv[12] &= 0x7f;
|
||||
|
||||
ret = aes_128_ctr_encrypt(k2, iv, out, crypt_len);
|
||||
ret = aes_ctr_encrypt(k2, key_len, iv, out, crypt_len);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = aes_s2v(k1, num_elem + 1, _addr, _len, check);
|
||||
ret = aes_s2v(k1, key_len, num_elem + 1, _addr, _len, check);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (os_memcmp(check, iv_crypt, AES_BLOCK_SIZE) == 0)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue