| OLD | NEW |
|---|
| (Empty) |
| 1 /* crypto/aes/aes_wrap.c */ | |
| 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
| 3 * project. | |
| 4 */ | |
| 5 /* ==================================================================== | |
| 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
| 7 * | |
| 8 * Redistribution and use in source and binary forms, with or without | |
| 9 * modification, are permitted provided that the following conditions | |
| 10 * are met: | |
| 11 * | |
| 12 * 1. Redistributions of source code must retain the above copyright | |
| 13 * notice, this list of conditions and the following disclaimer. | |
| 14 * | |
| 15 * 2. Redistributions in binary form must reproduce the above copyright | |
| 16 * notice, this list of conditions and the following disclaimer in | |
| 17 * the documentation and/or other materials provided with the | |
| 18 * distribution. | |
| 19 * | |
| 20 * 3. All advertising materials mentioning features or use of this | |
| 21 * software must display the following acknowledgment: | |
| 22 * "This product includes software developed by the OpenSSL Project | |
| 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
| 24 * | |
| 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
| 26 * endorse or promote products derived from this software without | |
| 27 * prior written permission. For written permission, please contact | |
| 28 * licensing@OpenSSL.org. | |
| 29 * | |
| 30 * 5. Products derived from this software may not be called "OpenSSL" | |
| 31 * nor may "OpenSSL" appear in their names without prior written | |
| 32 * permission of the OpenSSL Project. | |
| 33 * | |
| 34 * 6. Redistributions of any form whatsoever must retain the following | |
| 35 * acknowledgment: | |
| 36 * "This product includes software developed by the OpenSSL Project | |
| 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
| 38 * | |
| 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
| 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
| 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
| 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 50 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 51 * ==================================================================== | |
| 52 */ | |
| 53 | |
| 54 #include "cryptlib.h" | |
| 55 #include <openssl/aes.h> | |
| 56 #include <openssl/bio.h> | |
| 57 | |
| 58 static const unsigned char default_iv[] = { | |
| 59 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, | |
| 60 }; | |
| 61 | |
| 62 int AES_wrap_key(AES_KEY *key, const unsigned char *iv, | |
| 63 unsigned char *out, | |
| 64 const unsigned char *in, unsigned int inlen) | |
| 65 { | |
| 66 unsigned char *A, B[16], *R; | |
| 67 unsigned int i, j, t; | |
| 68 if ((inlen & 0x7) || (inlen < 8)) | |
| 69 return -1; | |
| 70 A = B; | |
| 71 t = 1; | |
| 72 memcpy(out + 8, in, inlen); | |
| 73 if (!iv) | |
| 74 iv = default_iv; | |
| 75 | |
| 76 memcpy(A, iv, 8); | |
| 77 | |
| 78 for (j = 0; j < 6; j++) | |
| 79 { | |
| 80 R = out + 8; | |
| 81 for (i = 0; i < inlen; i += 8, t++, R += 8) | |
| 82 { | |
| 83 memcpy(B + 8, R, 8); | |
| 84 AES_encrypt(B, B, key); | |
| 85 A[7] ^= (unsigned char)(t & 0xff); | |
| 86 if (t > 0xff) | |
| 87 { | |
| 88 A[6] ^= (unsigned char)((t >> 8) & 0xff); | |
| 89 A[5] ^= (unsigned char)((t >> 16) & 0xff); | |
| 90 A[4] ^= (unsigned char)((t >> 24) & 0xff); | |
| 91 } | |
| 92 memcpy(R, B + 8, 8); | |
| 93 } | |
| 94 } | |
| 95 memcpy(out, A, 8); | |
| 96 return inlen + 8; | |
| 97 } | |
| 98 | |
| 99 int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, | |
| 100 unsigned char *out, | |
| 101 const unsigned char *in, unsigned int inlen) | |
| 102 { | |
| 103 unsigned char *A, B[16], *R; | |
| 104 unsigned int i, j, t; | |
| 105 inlen -= 8; | |
| 106 if (inlen & 0x7) | |
| 107 return -1; | |
| 108 if (inlen < 8) | |
| 109 return -1; | |
| 110 A = B; | |
| 111 t = 6 * (inlen >> 3); | |
| 112 memcpy(A, in, 8); | |
| 113 memcpy(out, in + 8, inlen); | |
| 114 for (j = 0; j < 6; j++) | |
| 115 { | |
| 116 R = out + inlen - 8; | |
| 117 for (i = 0; i < inlen; i += 8, t--, R -= 8) | |
| 118 { | |
| 119 A[7] ^= (unsigned char)(t & 0xff); | |
| 120 if (t > 0xff) | |
| 121 { | |
| 122 A[6] ^= (unsigned char)((t >> 8) & 0xff); | |
| 123 A[5] ^= (unsigned char)((t >> 16) & 0xff); | |
| 124 A[4] ^= (unsigned char)((t >> 24) & 0xff); | |
| 125 } | |
| 126 memcpy(B + 8, R, 8); | |
| 127 AES_decrypt(B, B, key); | |
| 128 memcpy(R, B + 8, 8); | |
| 129 } | |
| 130 } | |
| 131 if (!iv) | |
| 132 iv = default_iv; | |
| 133 if (memcmp(A, iv, 8)) | |
| 134 { | |
| 135 OPENSSL_cleanse(out, inlen); | |
| 136 return 0; | |
| 137 } | |
| 138 return inlen; | |
| 139 } | |
| 140 | |
| 141 #ifdef AES_WRAP_TEST | |
| 142 | |
| 143 int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, | |
| 144 const unsigned char *iv, | |
| 145 const unsigned char *eout, | |
| 146 const unsigned char *key, int keylen) | |
| 147 { | |
| 148 unsigned char *otmp = NULL, *ptmp = NULL; | |
| 149 int r, ret = 0; | |
| 150 AES_KEY wctx; | |
| 151 otmp = OPENSSL_malloc(keylen + 8); | |
| 152 ptmp = OPENSSL_malloc(keylen); | |
| 153 if (!otmp || !ptmp) | |
| 154 return 0; | |
| 155 if (AES_set_encrypt_key(kek, keybits, &wctx)) | |
| 156 goto err; | |
| 157 r = AES_wrap_key(&wctx, iv, otmp, key, keylen); | |
| 158 if (r <= 0) | |
| 159 goto err; | |
| 160 | |
| 161 if (eout && memcmp(eout, otmp, keylen)) | |
| 162 goto err; | |
| 163 | |
| 164 if (AES_set_decrypt_key(kek, keybits, &wctx)) | |
| 165 goto err; | |
| 166 r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); | |
| 167 | |
| 168 if (memcmp(key, ptmp, keylen)) | |
| 169 goto err; | |
| 170 | |
| 171 ret = 1; | |
| 172 | |
| 173 err: | |
| 174 if (otmp) | |
| 175 OPENSSL_free(otmp); | |
| 176 if (ptmp) | |
| 177 OPENSSL_free(ptmp); | |
| 178 | |
| 179 return ret; | |
| 180 | |
| 181 } | |
| 182 | |
| 183 | |
| 184 | |
| 185 int main(int argc, char **argv) | |
| 186 { | |
| 187 | |
| 188 static const unsigned char kek[] = { | |
| 189 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 190 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
| 191 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
| 192 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f | |
| 193 }; | |
| 194 | |
| 195 static const unsigned char key[] = { | |
| 196 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
| 197 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, | |
| 198 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 199 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f | |
| 200 }; | |
| 201 | |
| 202 static const unsigned char e1[] = { | |
| 203 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, | |
| 204 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, | |
| 205 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 | |
| 206 }; | |
| 207 | |
| 208 static const unsigned char e2[] = { | |
| 209 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, | |
| 210 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, | |
| 211 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d | |
| 212 }; | |
| 213 | |
| 214 static const unsigned char e3[] = { | |
| 215 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, | |
| 216 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, | |
| 217 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 | |
| 218 }; | |
| 219 | |
| 220 static const unsigned char e4[] = { | |
| 221 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, | |
| 222 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, | |
| 223 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, | |
| 224 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 | |
| 225 }; | |
| 226 | |
| 227 static const unsigned char e5[] = { | |
| 228 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, | |
| 229 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, | |
| 230 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, | |
| 231 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 | |
| 232 }; | |
| 233 | |
| 234 static const unsigned char e6[] = { | |
| 235 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, | |
| 236 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, | |
| 237 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, | |
| 238 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, | |
| 239 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 | |
| 240 }; | |
| 241 | |
| 242 AES_KEY wctx, xctx; | |
| 243 int ret; | |
| 244 ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); | |
| 245 fprintf(stderr, "Key test result %d\n", ret); | |
| 246 ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); | |
| 247 fprintf(stderr, "Key test result %d\n", ret); | |
| 248 ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); | |
| 249 fprintf(stderr, "Key test result %d\n", ret); | |
| 250 ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); | |
| 251 fprintf(stderr, "Key test result %d\n", ret); | |
| 252 ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); | |
| 253 fprintf(stderr, "Key test result %d\n", ret); | |
| 254 ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); | |
| 255 fprintf(stderr, "Key test result %d\n", ret); | |
| 256 } | |
| 257 | |
| 258 | |
| 259 #endif | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master