1e1051a39Sopenharmony_ci/*
2e1051a39Sopenharmony_ci * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3e1051a39Sopenharmony_ci *
4e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License").  You may not use
5e1051a39Sopenharmony_ci * this file except in compliance with the License.  You can obtain a copy
6e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at
7e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html
8e1051a39Sopenharmony_ci */
9e1051a39Sopenharmony_ci
10e1051a39Sopenharmony_ci/*
11e1051a39Sopenharmony_ci * Simple aes wrap encryption demonstration program.
12e1051a39Sopenharmony_ci */
13e1051a39Sopenharmony_ci
14e1051a39Sopenharmony_ci#include <stdio.h>
15e1051a39Sopenharmony_ci#include <openssl/err.h>
16e1051a39Sopenharmony_ci#include <openssl/bio.h>
17e1051a39Sopenharmony_ci#include <openssl/evp.h>
18e1051a39Sopenharmony_ci#include <openssl/crypto.h>
19e1051a39Sopenharmony_ci#include <openssl/core_names.h>
20e1051a39Sopenharmony_ci
21e1051a39Sopenharmony_ci/* aes key */
22e1051a39Sopenharmony_cistatic const unsigned char wrap_key[] = {
23e1051a39Sopenharmony_ci    0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
24e1051a39Sopenharmony_ci    0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
25e1051a39Sopenharmony_ci    0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
26e1051a39Sopenharmony_ci};
27e1051a39Sopenharmony_ci
28e1051a39Sopenharmony_ci/* Unique initialisation vector */
29e1051a39Sopenharmony_cistatic const unsigned char wrap_iv[] = {
30e1051a39Sopenharmony_ci    0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84,
31e1051a39Sopenharmony_ci    0x99, 0xaa, 0x3e, 0x68,
32e1051a39Sopenharmony_ci};
33e1051a39Sopenharmony_ci
34e1051a39Sopenharmony_ci/* Example plaintext to encrypt */
35e1051a39Sopenharmony_cistatic const unsigned char wrap_pt[] = {
36e1051a39Sopenharmony_ci    0xad, 0x4f, 0xc9, 0xfc, 0x77, 0x69, 0xc9, 0xea, 0xfc, 0xdf, 0x00, 0xac,
37e1051a39Sopenharmony_ci    0x34, 0xec, 0x40, 0xbc, 0x28, 0x3f, 0xa4, 0x5e, 0xd8, 0x99, 0xe4, 0x5d,
38e1051a39Sopenharmony_ci    0x5e, 0x7a, 0xc4, 0xe6, 0xca, 0x7b, 0xa5, 0xb7,
39e1051a39Sopenharmony_ci};
40e1051a39Sopenharmony_ci
41e1051a39Sopenharmony_ci/* Expected ciphertext value */
42e1051a39Sopenharmony_cistatic const unsigned char wrap_ct[] = {
43e1051a39Sopenharmony_ci    0x97, 0x99, 0x55, 0xca, 0xf6, 0x3e, 0x95, 0x54, 0x39, 0xd6, 0xaf, 0x63, 0xff, 0x2c, 0xe3, 0x96,
44e1051a39Sopenharmony_ci    0xf7, 0x0d, 0x2c, 0x9c, 0xc7, 0x43, 0xc0, 0xb6, 0x31, 0x43, 0xb9, 0x20, 0xac, 0x6b, 0xd3, 0x67,
45e1051a39Sopenharmony_ci    0xad, 0x01, 0xaf, 0xa7, 0x32, 0x74, 0x26, 0x92,
46e1051a39Sopenharmony_ci};
47e1051a39Sopenharmony_ci
48e1051a39Sopenharmony_ci/*
49e1051a39Sopenharmony_ci * A library context and property query can be used to select & filter
50e1051a39Sopenharmony_ci * algorithm implementations. If they are NULL then the default library
51e1051a39Sopenharmony_ci * context and properties are used.
52e1051a39Sopenharmony_ci */
53e1051a39Sopenharmony_ciOSSL_LIB_CTX *libctx = NULL;
54e1051a39Sopenharmony_ciconst char *propq = NULL;
55e1051a39Sopenharmony_ci
56e1051a39Sopenharmony_ciint aes_wrap_encrypt(void)
57e1051a39Sopenharmony_ci{
58e1051a39Sopenharmony_ci    int ret = 0;
59e1051a39Sopenharmony_ci    EVP_CIPHER_CTX *ctx;
60e1051a39Sopenharmony_ci    EVP_CIPHER *cipher = NULL;
61e1051a39Sopenharmony_ci    int outlen, tmplen;
62e1051a39Sopenharmony_ci    unsigned char outbuf[1024];
63e1051a39Sopenharmony_ci
64e1051a39Sopenharmony_ci    printf("aes wrap Encrypt:\n");
65e1051a39Sopenharmony_ci    printf("Plaintext:\n");
66e1051a39Sopenharmony_ci    BIO_dump_fp(stdout, wrap_pt, sizeof(wrap_pt));
67e1051a39Sopenharmony_ci
68e1051a39Sopenharmony_ci    /* Create a context for the encrypt operation */
69e1051a39Sopenharmony_ci    if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
70e1051a39Sopenharmony_ci        goto err;
71e1051a39Sopenharmony_ci
72e1051a39Sopenharmony_ci    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
73e1051a39Sopenharmony_ci
74e1051a39Sopenharmony_ci    /* Fetch the cipher implementation */
75e1051a39Sopenharmony_ci    if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-WRAP", propq)) == NULL)
76e1051a39Sopenharmony_ci        goto err;
77e1051a39Sopenharmony_ci
78e1051a39Sopenharmony_ci    /*
79e1051a39Sopenharmony_ci     * Initialise an encrypt operation with the cipher/mode, key and IV.
80e1051a39Sopenharmony_ci     * We are not setting any custom params so let params be just NULL.
81e1051a39Sopenharmony_ci     */
82e1051a39Sopenharmony_ci    if (!EVP_EncryptInit_ex2(ctx, cipher, wrap_key, wrap_iv, /* params */ NULL))
83e1051a39Sopenharmony_ci        goto err;
84e1051a39Sopenharmony_ci
85e1051a39Sopenharmony_ci    /* Encrypt plaintext */
86e1051a39Sopenharmony_ci    if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, wrap_pt, sizeof(wrap_pt)))
87e1051a39Sopenharmony_ci        goto err;
88e1051a39Sopenharmony_ci
89e1051a39Sopenharmony_ci    /* Finalise: there can be some additional output from padding */
90e1051a39Sopenharmony_ci    if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
91e1051a39Sopenharmony_ci        goto err;
92e1051a39Sopenharmony_ci    outlen += tmplen;
93e1051a39Sopenharmony_ci
94e1051a39Sopenharmony_ci    /* Output encrypted block */
95e1051a39Sopenharmony_ci    printf("Ciphertext (outlen:%d):\n", outlen);
96e1051a39Sopenharmony_ci    BIO_dump_fp(stdout, outbuf, outlen);
97e1051a39Sopenharmony_ci
98e1051a39Sopenharmony_ci    if (sizeof(wrap_ct) == outlen && !CRYPTO_memcmp(outbuf, wrap_ct, outlen))
99e1051a39Sopenharmony_ci        printf("Final ciphertext matches expected ciphertext\n");
100e1051a39Sopenharmony_ci    else
101e1051a39Sopenharmony_ci        printf("Final ciphertext differs from expected ciphertext\n");
102e1051a39Sopenharmony_ci
103e1051a39Sopenharmony_ci    ret = 1;
104e1051a39Sopenharmony_cierr:
105e1051a39Sopenharmony_ci    if (!ret)
106e1051a39Sopenharmony_ci        ERR_print_errors_fp(stderr);
107e1051a39Sopenharmony_ci
108e1051a39Sopenharmony_ci    EVP_CIPHER_free(cipher);
109e1051a39Sopenharmony_ci    EVP_CIPHER_CTX_free(ctx);
110e1051a39Sopenharmony_ci
111e1051a39Sopenharmony_ci    return ret;
112e1051a39Sopenharmony_ci}
113e1051a39Sopenharmony_ci
114e1051a39Sopenharmony_ciint aes_wrap_decrypt(void)
115e1051a39Sopenharmony_ci{
116e1051a39Sopenharmony_ci    int ret = 0;
117e1051a39Sopenharmony_ci    EVP_CIPHER_CTX *ctx;
118e1051a39Sopenharmony_ci    EVP_CIPHER *cipher = NULL;
119e1051a39Sopenharmony_ci    int outlen, tmplen;
120e1051a39Sopenharmony_ci    unsigned char outbuf[1024];
121e1051a39Sopenharmony_ci
122e1051a39Sopenharmony_ci    printf("aes wrap Decrypt:\n");
123e1051a39Sopenharmony_ci    printf("Ciphertext:\n");
124e1051a39Sopenharmony_ci    BIO_dump_fp(stdout, wrap_ct, sizeof(wrap_ct));
125e1051a39Sopenharmony_ci
126e1051a39Sopenharmony_ci    if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
127e1051a39Sopenharmony_ci        goto err;
128e1051a39Sopenharmony_ci
129e1051a39Sopenharmony_ci    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
130e1051a39Sopenharmony_ci
131e1051a39Sopenharmony_ci    /* Fetch the cipher implementation */
132e1051a39Sopenharmony_ci    if ((cipher = EVP_CIPHER_fetch(libctx, "aes-256-wrap", propq)) == NULL)
133e1051a39Sopenharmony_ci        goto err;
134e1051a39Sopenharmony_ci
135e1051a39Sopenharmony_ci    /*
136e1051a39Sopenharmony_ci     * Initialise an encrypt operation with the cipher/mode, key and IV.
137e1051a39Sopenharmony_ci     * We are not setting any custom params so let params be just NULL.
138e1051a39Sopenharmony_ci     */
139e1051a39Sopenharmony_ci    if (!EVP_DecryptInit_ex2(ctx, cipher, wrap_key, wrap_iv, /* params */ NULL))
140e1051a39Sopenharmony_ci        goto err;
141e1051a39Sopenharmony_ci
142e1051a39Sopenharmony_ci    /* Decrypt plaintext */
143e1051a39Sopenharmony_ci    if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, wrap_ct, sizeof(wrap_ct)))
144e1051a39Sopenharmony_ci        goto err;
145e1051a39Sopenharmony_ci
146e1051a39Sopenharmony_ci    /* Finalise: there can be some additional output from padding */
147e1051a39Sopenharmony_ci    if (!EVP_DecryptFinal_ex(ctx, outbuf + outlen, &tmplen))
148e1051a39Sopenharmony_ci        goto err;
149e1051a39Sopenharmony_ci    outlen += tmplen;
150e1051a39Sopenharmony_ci
151e1051a39Sopenharmony_ci    /* Output decrypted block */
152e1051a39Sopenharmony_ci    printf("Plaintext (outlen:%d):\n", outlen);
153e1051a39Sopenharmony_ci    BIO_dump_fp(stdout, outbuf, outlen);
154e1051a39Sopenharmony_ci
155e1051a39Sopenharmony_ci    if (sizeof(wrap_pt) == outlen && !CRYPTO_memcmp(outbuf, wrap_pt, outlen))
156e1051a39Sopenharmony_ci        printf("Final plaintext matches original plaintext\n");
157e1051a39Sopenharmony_ci    else
158e1051a39Sopenharmony_ci        printf("Final plaintext differs from original plaintext\n");
159e1051a39Sopenharmony_ci
160e1051a39Sopenharmony_ci    ret = 1;
161e1051a39Sopenharmony_cierr:
162e1051a39Sopenharmony_ci    if (!ret)
163e1051a39Sopenharmony_ci        ERR_print_errors_fp(stderr);
164e1051a39Sopenharmony_ci
165e1051a39Sopenharmony_ci    EVP_CIPHER_free(cipher);
166e1051a39Sopenharmony_ci    EVP_CIPHER_CTX_free(ctx);
167e1051a39Sopenharmony_ci
168e1051a39Sopenharmony_ci    return ret;
169e1051a39Sopenharmony_ci}
170e1051a39Sopenharmony_ci
171e1051a39Sopenharmony_ciint main(int argc, char **argv)
172e1051a39Sopenharmony_ci{
173e1051a39Sopenharmony_ci    if (!aes_wrap_encrypt())
174e1051a39Sopenharmony_ci       return 1;
175e1051a39Sopenharmony_ci
176e1051a39Sopenharmony_ci    if (!aes_wrap_decrypt())
177e1051a39Sopenharmony_ci        return 1;
178e1051a39Sopenharmony_ci
179e1051a39Sopenharmony_ci    return 0;
180e1051a39Sopenharmony_ci}
181e1051a39Sopenharmony_ci
182