crypto/aes128_unwrap.c

   1 /* Ref. RFC 3394 Advanced Encryption Standard (AES) Key Wrap Algorithm */
   2
   3 #include <arpa/inet.h>
   4 #include <string.h>
   5 #include "aes128.h"
   6
   7 static uint64_t wrapmask(int n)
   8 {
   9 #ifdef BIGENDIAN
  10         return n;
  11 #else
  12         return ((uint64_t)htonl(n) << 32);
  13 #endif
  14 }
  15
  16 void aes128_unwrap(uint8_t key[16], void* buf, unsigned long len)
  17 {
  18         struct aes128 ae;
  19
  20         uint64_t* R = buf;
  21         uint8_t B[16];
  22         long n = len / 8 - 1;
  23         long i, j;
  24
  25         aes128_init(&ae, key);
  26
  27         for(j = 5; j >= 0; j--)
  28                 for(i = n; i >= 1; i--) {
  29                         R[0] ^= wrapmask(n*j + i);
  30
  31                         memcpy(B + 0, &R[0], 8);
  32                         memcpy(B + 8, &R[i], 8);
  33
  34                         aes128_decrypt(&ae, B);
  35
  36                         memcpy(&R[0], B + 0, 8);
  37                         memcpy(&R[i], B + 8, 8);
  38                 }
  39
  40         aes128_fini(&ae);
  41 }