aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-10-07 11:45:22 (GMT)
committerJouni Malinen <j@w1.fi>2014-10-07 11:57:10 (GMT)
commita256506ddc279a730c38e3ecdc1d86e6ef23cbeb (patch)
treeac14a474028782cf6d2cd69615ace74221f3181c
parenteefec1e40b8721b37aff8187741c824c7913d0f0 (diff)
downloadhostap-a256506ddc279a730c38e3ecdc1d86e6ef23cbeb.zip
hostap-a256506ddc279a730c38e3ecdc1d86e6ef23cbeb.tar.gz
hostap-a256506ddc279a730c38e3ecdc1d86e6ef23cbeb.tar.bz2
AES: Extend key wrap implementation to support longer data
This extends the "XOR t" operation in aes_wrap() and aes_unwrap() to handle up to four octets of the n*h+i value instead of just the least significant octet. This allows the plaintext be longer than 336 octets which was the previous limit. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/aes-unwrap.c7
-rw-r--r--src/crypto/aes-wrap.c7
2 files changed, 12 insertions, 2 deletions
diff --git a/src/crypto/aes-unwrap.c b/src/crypto/aes-unwrap.c
index c2b46b7..ec793d9 100644
--- a/src/crypto/aes-unwrap.c
+++ b/src/crypto/aes-unwrap.c
@@ -29,6 +29,7 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
u8 a[8], *r, b[AES_BLOCK_SIZE];
int i, j;
void *ctx;
+ unsigned int t;
/* 1) Initialize variables. */
os_memcpy(a, cipher, 8);
@@ -50,7 +51,11 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
r = plain + (n - 1) * 8;
for (i = n; i >= 1; i--) {
os_memcpy(b, a, 8);
- b[7] ^= n * j + i;
+ t = n * j + i;
+ b[7] ^= t;
+ b[6] ^= t >> 8;
+ b[5] ^= t >> 16;
+ b[4] ^= t >> 24;
os_memcpy(b + 8, r, 8);
aes_decrypt(ctx, b, b);
diff --git a/src/crypto/aes-wrap.c b/src/crypto/aes-wrap.c
index f72437a..7ed34e8 100644
--- a/src/crypto/aes-wrap.c
+++ b/src/crypto/aes-wrap.c
@@ -28,6 +28,7 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
u8 *a, *r, b[AES_BLOCK_SIZE];
int i, j;
void *ctx;
+ unsigned int t;
a = cipher;
r = cipher + 8;
@@ -54,7 +55,11 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
os_memcpy(b + 8, r, 8);
aes_encrypt(ctx, b, b);
os_memcpy(a, b, 8);
- a[7] ^= n * j + i;
+ t = n * j + i;
+ a[7] ^= t;
+ a[6] ^= t >> 8;
+ a[5] ^= t >> 16;
+ a[4] ^= t >> 24;
os_memcpy(r, b + 8, 8);
r += 8;
}