4
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License version 2 as
8
* published by the Free Software Foundation.
10
* Alternatively, this software may be distributed under the terms of BSD
13
* See README and COPYING for more details.
23
* aes_128_eax_encrypt - AES-128 EAX mode encryption
24
* @key: Key for encryption (16 bytes)
25
* @nonce: Nonce for counter mode
26
* @nonce_len: Nonce length in bytes
27
* @hdr: Header data to be authenticity protected
28
* @hdr_len: Length of the header data bytes
29
* @data: Data to encrypt in-place
30
* @data_len: Length of data in bytes
31
* @tag: 16-byte tag value
32
* Returns: 0 on success, -1 on failure
34
int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
35
const u8 *hdr, size_t hdr_len,
36
u8 *data, size_t data_len, u8 *tag)
40
u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
41
data_mac[AES_BLOCK_SIZE];
44
if (nonce_len > data_len)
48
if (hdr_len > buf_len)
52
buf = os_malloc(buf_len);
56
os_memset(buf, 0, 15);
59
os_memcpy(buf + 16, nonce, nonce_len);
60
if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac))
64
os_memcpy(buf + 16, hdr, hdr_len);
65
if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac))
68
if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len))
71
os_memcpy(buf + 16, data, data_len);
72
if (omac1_aes_128(key, buf, 16 + data_len, data_mac))
75
for (i = 0; i < AES_BLOCK_SIZE; i++)
76
tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
87
* aes_128_eax_decrypt - AES-128 EAX mode decryption
88
* @key: Key for decryption (16 bytes)
89
* @nonce: Nonce for counter mode
90
* @nonce_len: Nonce length in bytes
91
* @hdr: Header data to be authenticity protected
92
* @hdr_len: Length of the header data bytes
93
* @data: Data to encrypt in-place
94
* @data_len: Length of data in bytes
95
* @tag: 16-byte tag value
96
* Returns: 0 on success, -1 on failure, -2 if tag does not match
98
int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
99
const u8 *hdr, size_t hdr_len,
100
u8 *data, size_t data_len, const u8 *tag)
104
u8 nonce_mac[AES_BLOCK_SIZE], hdr_mac[AES_BLOCK_SIZE],
105
data_mac[AES_BLOCK_SIZE];
108
if (nonce_len > data_len)
112
if (hdr_len > buf_len)
116
buf = os_malloc(buf_len);
120
os_memset(buf, 0, 15);
123
os_memcpy(buf + 16, nonce, nonce_len);
124
if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) {
130
os_memcpy(buf + 16, hdr, hdr_len);
131
if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) {
137
os_memcpy(buf + 16, data, data_len);
138
if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) {
145
for (i = 0; i < AES_BLOCK_SIZE; i++) {
146
if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
150
return aes_128_ctr_encrypt(key, nonce_mac, data, data_len);