From d140db6adf7b3b439f71e1ac2c72e637157bfc4a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 9 Sep 2012 12:26:22 +0300 Subject: [PATCH] Add support for using 192-bit and 256-bit keys with AES-GCM This adds 192-bit and 256-bit key support to the internal AES implementation and extends the AES-GCM functions to accept key length to enable longer AES key use. Signed-hostap: Jouni Malinen --- src/crypto/aes-gcm.c | 22 +++--- src/crypto/aes-internal-dec.c | 38 ++++++++--- src/crypto/aes-internal-enc.c | 27 +++++--- src/crypto/aes-internal.c | 70 +++++++++++++++---- src/crypto/aes_i.h | 15 ++++- src/crypto/aes_wrap.h | 20 +++--- tests/test-aes.c | 123 ++++++++++++++++++++++++++++++++-- wlantest/gcmp.c | 8 +-- 8 files changed, 258 insertions(+), 65 deletions(-) diff --git a/src/crypto/aes-gcm.c b/src/crypto/aes-gcm.c index df6cfa61f..d3105edaf 100644 --- a/src/crypto/aes-gcm.c +++ b/src/crypto/aes-gcm.c @@ -1,5 +1,5 @@ /* - * Galois/Counter Mode (GCM) and GMAC with AES-128 + * Galois/Counter Mode (GCM) and GMAC with AES * * Copyright (c) 2012, Jouni Malinen * @@ -173,18 +173,18 @@ static void aes_gctr(void *aes, const u8 *icb, const u8 *x, size_t xlen, u8 *y) /** - * aes_128_gcm_ae - GCM-AE_K(IV, P, A) + * aes_gcm_ae - GCM-AE_K(IV, P, A) */ -int aes_128_gcm_ae(const u8 *key, const u8 *iv, size_t iv_len, - const u8 *plain, size_t plain_len, - const u8 *aad, size_t aad_len, u8 *crypt, u8 *tag) +int aes_gcm_ae(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len, + const u8 *plain, size_t plain_len, + const u8 *aad, size_t aad_len, u8 *crypt, u8 *tag) { u8 H[AES_BLOCK_SIZE]; u8 J0[AES_BLOCK_SIZE], J0inc[AES_BLOCK_SIZE]; u8 S[16], len_buf[16]; void *aes; - aes = aes_encrypt_init(key, 16); + aes = aes_encrypt_init(key, key_len); if (aes == NULL) return -1; @@ -242,18 +242,18 @@ int aes_128_gcm_ae(const u8 *key, const u8 *iv, size_t iv_len, /** - * aes_128_gcm_ad - GCM-AD_K(IV, C, A, T) + * aes_gcm_ad - GCM-AD_K(IV, C, A, T) */ -int aes_128_gcm_ad(const u8 *key, const u8 *iv, size_t iv_len, - const u8 *crypt, size_t crypt_len, - const u8 *aad, size_t aad_len, const u8 *tag, u8 *plain) +int aes_gcm_ad(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len, + const u8 *crypt, size_t crypt_len, + const u8 *aad, size_t aad_len, const u8 *tag, u8 *plain) { u8 H[AES_BLOCK_SIZE]; u8 J0[AES_BLOCK_SIZE], J0inc[AES_BLOCK_SIZE]; u8 S[16], T[16], len_buf[16]; void *aes; - aes = aes_encrypt_init(key, 16); + aes = aes_encrypt_init(key, key_len); if (aes == NULL) return -1; diff --git a/src/crypto/aes-internal-dec.c b/src/crypto/aes-internal-dec.c index 70ce31064..720c7036e 100644 --- a/src/crypto/aes-internal-dec.c +++ b/src/crypto/aes-internal-dec.c @@ -2,14 +2,13 @@ * AES (Rijndael) cipher - decrypt * * Modifications to public domain implementation: - * - support only 128-bit keys * - cleanup * - use C pre-processor to make it easier to change S table access * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at * cost of reduced throughput (quite small difference on Pentium 4, * 10-25% when using -O1 or -O2 optimization) * - * Copyright (c) 2003-2005, Jouni Malinen + * Copyright (c) 2003-2012, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -26,13 +25,15 @@ * * @return the number of rounds for the given cipher key size. */ -static void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[]) +static int rijndaelKeySetupDec(u32 rk[], const u8 cipherKey[], int keyBits) { - int Nr = 10, i, j; + int Nr, i, j; u32 temp; /* expand the cipher key: */ - rijndaelKeySetupEnc(rk, cipherKey); + Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); + if (Nr < 0) + return Nr; /* invert the order of the round keys: */ for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; @@ -51,24 +52,30 @@ static void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[]) TD3_(TE4((rk[j] ) & 0xff)); } } + + return Nr; } void * aes_decrypt_init(const u8 *key, size_t len) { u32 *rk; - if (len != 16) - return NULL; + int res; rk = os_malloc(AES_PRIV_SIZE); if (rk == NULL) return NULL; - rijndaelKeySetupDec(rk, key); + res = rijndaelKeySetupDec(rk, key, len * 8); + if (res < 0) { + os_free(rk); + return NULL; + } + rk[AES_PRIV_NR_POS] = res; return rk; } -static void rijndaelDecrypt(const u32 rk[/*44*/], const u8 ct[16], u8 pt[16]) +static void rijndaelDecrypt(const u32 rk[/*44*/], int Nr, const u8 ct[16], + u8 pt[16]) { u32 s0, s1, s2, s3, t0, t1, t2, t3; - const int Nr = 10; #ifndef FULL_UNROLL int r; #endif /* ?FULL_UNROLL */ @@ -99,6 +106,14 @@ d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3] ROUND(7,t,s); ROUND(8,s,t); ROUND(9,t,s); + if (Nr > 10) { + ROUND(10,s,t); + ROUND(11,t,s); + if (Nr > 12) { + ROUND(12,s,t); + ROUND(13,t,s); + } + } rk += Nr << 2; @@ -134,7 +149,8 @@ d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3] void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) { - rijndaelDecrypt(ctx, crypt, plain); + u32 *rk = ctx; + rijndaelDecrypt(ctx, rk[AES_PRIV_NR_POS], crypt, plain); } diff --git a/src/crypto/aes-internal-enc.c b/src/crypto/aes-internal-enc.c index 645bc926a..f3c61b850 100644 --- a/src/crypto/aes-internal-enc.c +++ b/src/crypto/aes-internal-enc.c @@ -2,14 +2,13 @@ * AES (Rijndael) cipher - encrypt * * Modifications to public domain implementation: - * - support only 128-bit keys * - cleanup * - use C pre-processor to make it easier to change S table access * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at * cost of reduced throughput (quite small difference on Pentium 4, * 10-25% when using -O1 or -O2 optimization) * - * Copyright (c) 2003-2005, Jouni Malinen + * Copyright (c) 2003-2012, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -21,10 +20,9 @@ #include "crypto.h" #include "aes_i.h" -static void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16]) +static void rijndaelEncrypt(const u32 rk[], int Nr, const u8 pt[16], u8 ct[16]) { u32 s0, s1, s2, s3, t0, t1, t2, t3; - const int Nr = 10; #ifndef FULL_UNROLL int r; #endif /* ?FULL_UNROLL */ @@ -55,6 +53,14 @@ d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] ROUND(7,t,s); ROUND(8,s,t); ROUND(9,t,s); + if (Nr > 10) { + ROUND(10,s,t); + ROUND(11,t,s); + if (Nr > 12) { + ROUND(12,s,t); + ROUND(13,t,s); + } + } rk += Nr << 2; @@ -92,19 +98,24 @@ d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] void * aes_encrypt_init(const u8 *key, size_t len) { u32 *rk; - if (len != 16) - return NULL; + int res; rk = os_malloc(AES_PRIV_SIZE); if (rk == NULL) return NULL; - rijndaelKeySetupEnc(rk, key); + res = rijndaelKeySetupEnc(rk, key, len * 8); + if (res < 0) { + os_free(rk); + return NULL; + } + rk[AES_PRIV_NR_POS] = res; return rk; } void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) { - rijndaelEncrypt(ctx, plain, crypt); + u32 *rk = ctx; + rijndaelEncrypt(ctx, rk[AES_PRIV_NR_POS], plain, crypt); } diff --git a/src/crypto/aes-internal.c b/src/crypto/aes-internal.c index 698606f82..bd4535d20 100644 --- a/src/crypto/aes-internal.c +++ b/src/crypto/aes-internal.c @@ -2,14 +2,13 @@ * AES (Rijndael) cipher * * Modifications to public domain implementation: - * - support only 128-bit keys * - cleanup * - use C pre-processor to make it easier to change S table access * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at * cost of reduced throughput (quite small difference on Pentium 4, * 10-25% when using -O1 or -O2 optimization) * - * Copyright (c) 2003-2005, Jouni Malinen + * Copyright (c) 2003-2012, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -777,7 +776,7 @@ const u8 rcons[] = { * * @return the number of rounds for the given cipher key size. */ -void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) +int rijndaelKeySetupEnc(u32 rk[], const u8 cipherKey[], int keyBits) { int i; u32 temp; @@ -786,14 +785,61 @@ void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) rk[1] = GETU32(cipherKey + 4); rk[2] = GETU32(cipherKey + 8); rk[3] = GETU32(cipherKey + 12); - for (i = 0; i < 10; i++) { - temp = rk[3]; - rk[4] = rk[0] ^ - TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^ - RCON(i); - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - rk += 4; + + if (keyBits == 128) { + for (i = 0; i < 10; i++) { + temp = rk[3]; + rk[4] = rk[0] ^ TE421(temp) ^ TE432(temp) ^ + TE443(temp) ^ TE414(temp) ^ RCON(i); + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + rk += 4; + } + return 10; } + + rk[4] = GETU32(cipherKey + 16); + rk[5] = GETU32(cipherKey + 20); + + if (keyBits == 192) { + for (i = 0; i < 8; i++) { + temp = rk[5]; + rk[6] = rk[0] ^ TE421(temp) ^ TE432(temp) ^ + TE443(temp) ^ TE414(temp) ^ RCON(i); + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; + if (i == 7) + return 12; + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; + rk += 6; + } + } + + rk[6] = GETU32(cipherKey + 24); + rk[7] = GETU32(cipherKey + 28); + + if (keyBits == 256) { + for (i = 0; i < 7; i++) { + temp = rk[7]; + rk[8] = rk[0] ^ TE421(temp) ^ TE432(temp) ^ + TE443(temp) ^ TE414(temp) ^ RCON(i); + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; + if (i == 6) + return 14; + temp = rk[11]; + rk[12] = rk[4] ^ TE411(temp) ^ TE422(temp) ^ + TE433(temp) ^ TE444(temp); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; + rk += 8; + } + } + + return -1; } diff --git a/src/crypto/aes_i.h b/src/crypto/aes_i.h index 163d4f68e..54375cf35 100644 --- a/src/crypto/aes_i.h +++ b/src/crypto/aes_i.h @@ -1,6 +1,6 @@ /* * AES (Rijndael) cipher - * Copyright (c) 2003-2005, Jouni Malinen + * Copyright (c) 2003-2012, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -44,6 +44,10 @@ extern const u8 rcons[10]; #define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000) #define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00) #define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff) +#define TE411(i) (Te4[((i) >> 24) & 0xff] & 0xff000000) +#define TE422(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000) +#define TE433(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00) +#define TE444(i) (Te4[(i) & 0xff] & 0x000000ff) #define TE4(i) (Te4[(i)] & 0x000000ff) #define TD0(i) Td0[((i) >> 24) & 0xff] @@ -80,6 +84,10 @@ static inline u32 rotr(u32 val, int bits) #define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000) #define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00) #define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff) +#define TE411(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000) +#define TE422(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000) +#define TE433(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00) +#define TE444(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff) #define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff) #define TD0(i) Td0[((i) >> 24) & 0xff] @@ -109,8 +117,9 @@ static inline u32 rotr(u32 val, int bits) (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } #endif -#define AES_PRIV_SIZE (4 * 44) +#define AES_PRIV_SIZE (4 * 4 * 15 + 4) +#define AES_PRIV_NR_POS (4 * 15) -void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]); +int rijndaelKeySetupEnc(u32 rk[], const u8 cipherKey[], int keyBits); #endif /* AES_I_H */ diff --git a/src/crypto/aes_wrap.h b/src/crypto/aes_wrap.h index ecc1bdf78..5b0928e20 100644 --- a/src/crypto/aes_wrap.h +++ b/src/crypto/aes_wrap.h @@ -6,7 +6,7 @@ * - AES-128 CTR mode encryption * - AES-128 EAX mode encryption/decryption * - AES-128 CBC - * - AES-128 GCM + * - AES-GCM * * Copyright (c) 2003-2012, Jouni Malinen * @@ -39,13 +39,15 @@ int __must_check aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len); int __must_check aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len); -int __must_check aes_128_gcm_ae(const u8 *key, const u8 *iv, size_t iv_len, - const u8 *plain, size_t plain_len, - const u8 *aad, size_t aad_len, - u8 *crypt, u8 *tag); -int __must_check aes_128_gcm_ad(const u8 *key, const u8 *iv, size_t iv_len, - const u8 *crypt, size_t crypt_len, - const u8 *aad, size_t aad_len, const u8 *tag, - u8 *plain); +int __must_check aes_gcm_ae(const u8 *key, size_t key_len, + const u8 *iv, size_t iv_len, + const u8 *plain, size_t plain_len, + const u8 *aad, size_t aad_len, + u8 *crypt, u8 *tag); +int __must_check aes_gcm_ad(const u8 *key, size_t key_len, + const u8 *iv, size_t iv_len, + const u8 *crypt, size_t crypt_len, + const u8 *aad, size_t aad_len, const u8 *tag, + u8 *plain); #endif /* AES_WRAP_H */ diff --git a/tests/test-aes.c b/tests/test-aes.c index 120143c82..d917b73bf 100644 --- a/tests/test-aes.c +++ b/tests/test-aes.c @@ -227,6 +227,114 @@ static const struct gcm_test_vector gcm_tests[] = { "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5", "619cc5aefffe0bfa462af43c1699d050" + }, + { + /* Test Case 7 */ + "000000000000000000000000000000000000000000000000", + "", + "", + "000000000000000000000000", + "", + "cd33b28ac773f74ba00ed1f312572435" + }, + { + /* Test Case 8 */ + "000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000", + "", + "000000000000000000000000", + "98e7247c07f0fe411c267e4384b0f600", + "2ff58d80033927ab8ef4d4587514f0fb" + }, + { + /* Test Case 9 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", + "cafebabefacedbaddecaf888", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256", + "9924a7c8587336bfb118024db8674a14" + }, + { + /* Test Case 10 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "cafebabefacedbaddecaf888", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710", + "2519498e80f1478f37ba55bd6d27618c" + }, + { + /* Test Case 11 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "cafebabefacedbad", + "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7", + "65dcc57fcf623a24094fcca40d3533f8" + }, + { + /* Test Case 12 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b", + "dcf566ff291c25bbb8568fc3d376a6d9" + }, + { + /* Test Case 13 */ + "0000000000000000000000000000000000000000000000000000000000000000", + "", + "", + "000000000000000000000000", + "", + "530f8afbc74536b9a963b4f1c4cb738b" + }, + { + /* Test Case 14 */ + "0000000000000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000", + "", + "000000000000000000000000", + "cea7403d4d606b6e074ec5d3baf39d18", + "d0d1c8a799996bf0265b98b5d48ab919" + }, + { + /* Test Case 15 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", + "cafebabefacedbaddecaf888", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad", + "b094dac5d93471bdec1a502270e3cc6c" + }, + { + /* Test Case 16 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "cafebabefacedbaddecaf888", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662", + "76fc6ece0f4e1768cddf8853bb2d551b" + }, + { + /* Test Case 17 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "cafebabefacedbad", + "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f", + "3a337dbf46a792c45e454913fe2ea8f2" + }, + { + /* Test Case 18 */ + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f", + "a44a8266ee1c8eb0c8b5d4cf5ae9f19a" } }; @@ -235,14 +343,15 @@ static int test_gcm(void) { int ret = 0; int i; - u8 k[16], aad[32], iv[64], t[16], tag[16]; + u8 k[32], aad[32], iv[64], t[16], tag[16]; u8 p[64], c[64], tmp[64]; - size_t p_len, aad_len, iv_len; + size_t k_len, p_len, aad_len, iv_len; for (i = 0; i < sizeof(gcm_tests) / sizeof(gcm_tests[0]); i++) { const struct gcm_test_vector *tc = &gcm_tests[i]; - if (hexstr2bin(tc->k, k, sizeof(k))) { + k_len = os_strlen(tc->k) / 2; + if (hexstr2bin(tc->k, k, k_len)) { printf("Invalid GCM test vector %d (k)\n", i); ret++; continue; @@ -281,8 +390,8 @@ static int test_gcm(void) continue; } - if (aes_128_gcm_ae(k, iv, iv_len, p, p_len, aad, aad_len, tmp, - tag) < 0) { + if (aes_gcm_ae(k, k_len, iv, iv_len, p, p_len, aad, aad_len, + tmp, tag) < 0) { printf("GCM-AE failed (test case %d)\n", i); ret++; continue; @@ -298,8 +407,8 @@ static int test_gcm(void) ret++; } - if (aes_128_gcm_ad(k, iv, iv_len, c, p_len, aad, aad_len, t, - tmp) < 0) { + if (aes_gcm_ad(k, k_len, iv, iv_len, c, p_len, aad, aad_len, + t, tmp) < 0) { printf("GCM-AD failed (test case %d)\n", i); ret++; continue; diff --git a/wlantest/gcmp.c b/wlantest/gcmp.c index e0245db78..5639b7e2b 100644 --- a/wlantest/gcmp.c +++ b/wlantest/gcmp.c @@ -95,8 +95,8 @@ u8 * gcmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce)); - if (aes_128_gcm_ad(tk, nonce, sizeof(nonce), m, mlen, aad, aad_len, - m + mlen, plain) < 0) { + if (aes_gcm_ad(tk, 16, nonce, sizeof(nonce), m, mlen, aad, aad_len, + m + mlen, plain) < 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); wpa_printf(MSG_INFO, "Invalid GCMP frame: A1=" MACSTR " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u", @@ -146,8 +146,8 @@ u8 * gcmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce)); - if (aes_128_gcm_ae(tk, nonce, sizeof(nonce), frame + hdrlen, plen, aad, - aad_len, pos, pos + plen) < 0) { + if (aes_gcm_ae(tk, 16, nonce, sizeof(nonce), frame + hdrlen, plen, aad, + aad_len, pos, pos + plen) < 0) { os_free(crypt); return NULL; }