1fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt/*
2fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt * AES SIV (RFC 5297)
3fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt * Copyright (c) 2013 Cozybit, Inc.
4fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt *
5fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt * This software may be distributed under the terms of the BSD license.
6fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt * See README for more details.
7fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt */
8fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
9fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt#include "includes.h"
10fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
11fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt#include "common.h"
12fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt#include "aes.h"
13fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt#include "aes_wrap.h"
14746bde5f922dfd627d25111da4313395bc4ed6afDmitry Shmidt#include "aes_siv.h"
15fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
16fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
17fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidtstatic const u8 zero[AES_BLOCK_SIZE];
18fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
19fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
20fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidtstatic void dbl(u8 *pad)
21fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
22fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	int i, carry;
23fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
24fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	carry = pad[0] & 0x80;
25fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
26fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
27fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	pad[AES_BLOCK_SIZE - 1] <<= 1;
28fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (carry)
29fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		pad[AES_BLOCK_SIZE - 1] ^= 0x87;
30fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
31fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
32fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
33fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidtstatic void xor(u8 *a, const u8 *b)
34fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
35fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	int i;
36fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
37fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	for (i = 0; i < AES_BLOCK_SIZE; i++)
38fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		*a++ ^= *b++;
39fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
40fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
41fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
42fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidtstatic void xorend(u8 *a, int alen, const u8 *b, int blen)
43fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
44fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	int i;
45fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
46fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (alen < blen)
47fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return;
48fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
49fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	for (i = 0; i < blen; i++)
50fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		a[alen - blen + i] ^= b[i];
51fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
52fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
53fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
54fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidtstatic void pad_block(u8 *pad, const u8 *addr, size_t len)
55fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
56fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	os_memset(pad, 0, AES_BLOCK_SIZE);
57fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	os_memcpy(pad, addr, len);
58fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
59fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (len < AES_BLOCK_SIZE)
60fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		pad[len] = 0x80;
61fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
62fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
63fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
649839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidtstatic int aes_s2v(const u8 *key, size_t key_len,
659839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		   size_t num_elem, const u8 *addr[], size_t *len, u8 *mac)
66fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
67fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	u8 tmp[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
68fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	u8 *buf = NULL;
69fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	int ret;
70fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	size_t i;
719839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	const u8 *data[1];
729839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	size_t data_len[1];
73fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
74fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (!num_elem) {
75fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		os_memcpy(tmp, zero, sizeof(zero));
76fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		tmp[AES_BLOCK_SIZE - 1] = 1;
779839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		data[0] = tmp;
789839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		data_len[0] = sizeof(tmp);
799839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
80fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	}
81fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
829839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	data[0] = zero;
839839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	data_len[0] = sizeof(zero);
849839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	ret = omac1_aes_vector(key, key_len, 1, data, data_len, tmp);
85fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (ret)
86fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return ret;
87fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
88fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	for (i = 0; i < num_elem - 1; i++) {
899839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		ret = omac1_aes_vector(key, key_len, 1, &addr[i], &len[i],
909839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt				       tmp2);
91fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		if (ret)
92fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt			return ret;
93fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
94fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		dbl(tmp);
95fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		xor(tmp, tmp2);
96fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	}
97fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (len[i] >= AES_BLOCK_SIZE) {
98d2986c2e737a8441ff5a791b6b56c1c8322ef3c9Dmitry Shmidt		buf = os_memdup(addr[i], len[i]);
99fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		if (!buf)
100fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt			return -ENOMEM;
101fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
102fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		xorend(buf, len[i], tmp, AES_BLOCK_SIZE);
1039839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		data[0] = buf;
1049839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		ret = omac1_aes_vector(key, key_len, 1, data, &len[i], mac);
105746bde5f922dfd627d25111da4313395bc4ed6afDmitry Shmidt		bin_clear_free(buf, len[i]);
106fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return ret;
107fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	}
108fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
109fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	dbl(tmp);
110fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	pad_block(tmp2, addr[i], len[i]);
111fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	xor(tmp, tmp2);
112fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1139839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	data[0] = tmp;
1149839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	data_len[0] = sizeof(tmp);
1159839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
116fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
117fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
118fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1199839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidtint aes_siv_encrypt(const u8 *key, size_t key_len,
1209839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		    const u8 *pw, size_t pwlen,
1219839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		    size_t num_elem, const u8 *addr[], const size_t *len,
1229839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		    u8 *out)
123fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
124fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	const u8 *_addr[6];
125fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	size_t _len[6];
1269839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	const u8 *k1, *k2;
127fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	u8 v[AES_BLOCK_SIZE];
128fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	size_t i;
129fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	u8 *iv, *crypt_pw;
130fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1319839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	if (num_elem > ARRAY_SIZE(_addr) - 1 ||
1329839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	    (key_len != 32 && key_len != 48 && key_len != 64))
133fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return -1;
134fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1359839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	key_len /= 2;
1369839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	k1 = key;
1379839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	k2 = key + key_len;
1389839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt
139fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	for (i = 0; i < num_elem; i++) {
140fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		_addr[i] = addr[i];
141fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		_len[i] = len[i];
142fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	}
143fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	_addr[num_elem] = pw;
144fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	_len[num_elem] = pwlen;
145fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1469839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	if (aes_s2v(k1, key_len, num_elem + 1, _addr, _len, v))
147fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return -1;
148fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
149fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	iv = out;
150fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	crypt_pw = out + AES_BLOCK_SIZE;
151fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
152fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	os_memcpy(iv, v, AES_BLOCK_SIZE);
153fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	os_memcpy(crypt_pw, pw, pwlen);
154fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
155fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	/* zero out 63rd and 31st bits of ctr (from right) */
156fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	v[8] &= 0x7f;
157fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	v[12] &= 0x7f;
1589839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	return aes_ctr_encrypt(k2, key_len, v, crypt_pw, pwlen);
159fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
160fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
161fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1629839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidtint aes_siv_decrypt(const u8 *key, size_t key_len,
1639839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt		    const u8 *iv_crypt, size_t iv_c_len,
164fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		    size_t num_elem, const u8 *addr[], const size_t *len,
165fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		    u8 *out)
166fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt{
167fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	const u8 *_addr[6];
168fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	size_t _len[6];
1699839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	const u8 *k1, *k2;
170fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	size_t crypt_len;
171fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	size_t i;
172fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	int ret;
173fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	u8 iv[AES_BLOCK_SIZE];
174fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	u8 check[AES_BLOCK_SIZE];
175fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1769839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	if (iv_c_len < AES_BLOCK_SIZE || num_elem > ARRAY_SIZE(_addr) - 1 ||
1779839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	    (key_len != 32 && key_len != 48 && key_len != 64))
178fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return -1;
179fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	crypt_len = iv_c_len - AES_BLOCK_SIZE;
1809839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	key_len /= 2;
1819839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	k1 = key;
1829839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	k2 = key + key_len;
183fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
184fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	for (i = 0; i < num_elem; i++) {
185fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		_addr[i] = addr[i];
186fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		_len[i] = len[i];
187fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	}
188fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	_addr[num_elem] = out;
189fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	_len[num_elem] = crypt_len;
190fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
191fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	os_memcpy(iv, iv_crypt, AES_BLOCK_SIZE);
192fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	os_memcpy(out, iv_crypt + AES_BLOCK_SIZE, crypt_len);
193fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
194fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	iv[8] &= 0x7f;
195fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	iv[12] &= 0x7f;
196fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
1979839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	ret = aes_ctr_encrypt(k2, key_len, iv, out, crypt_len);
198fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (ret)
199fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return ret;
200fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
2019839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt	ret = aes_s2v(k1, key_len, num_elem + 1, _addr, _len, check);
202fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (ret)
203fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return ret;
204fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	if (os_memcmp(check, iv_crypt, AES_BLOCK_SIZE) == 0)
205fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt		return 0;
206fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt
207fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt	return -1;
208fb45fd5cfed8bdccd0859c7fc05449fc187e2d06Dmitry Shmidt}
209