Botan 3.0.0
Crypto and TLS for C&
ffi_keywrap.cpp
Go to the documentation of this file.
1/*
2* (C) 2017 Ribose Inc
3* 2023 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/ffi.h>
9#include <botan/internal/ffi_util.h>
10
11#if defined(BOTAN_HAS_NIST_KEYWRAP)
12 #include <botan/block_cipher.h>
13 #include <botan/nist_keywrap.h>
14#endif
15
16extern "C" {
17
18using namespace Botan_FFI;
19
20int botan_nist_kw_enc(const char* cipher_algo, int padded,
21 const uint8_t key[], size_t key_len,
22 const uint8_t kek[], size_t kek_len,
23 uint8_t wrapped_key[], size_t *wrapped_key_len)
24 {
25#if defined(BOTAN_HAS_NIST_KEYWRAP)
26 return ffi_guard_thunk(__func__, [=]() -> int {
27 if(padded != 0 && padded != 1)
29 auto bc = Botan::BlockCipher::create_or_throw(cipher_algo);
30 bc->set_key(kek, kek_len);
31
32 std::vector<uint8_t> output;
33
34 if(padded == 0)
35 output = Botan::nist_key_wrap(key, key_len, *bc);
36 else
37 output = Botan::nist_key_wrap_padded(key, key_len, *bc);
38
39 return write_vec_output(wrapped_key, wrapped_key_len, output);
40 });
41#else
42 BOTAN_UNUSED(cipher_algo, padded, key, key_len, kek, kek_len, wrapped_key, wrapped_key_len);
44#endif
45 }
46
47int botan_nist_kw_dec(const char* cipher_algo, int padded,
48 const uint8_t wrapped_key[], size_t wrapped_key_len,
49 const uint8_t kek[], size_t kek_len,
50 uint8_t key[], size_t *key_len)
51 {
52#if defined(BOTAN_HAS_NIST_KEYWRAP)
53 return ffi_guard_thunk(__func__, [=]() -> int {
54 if(padded != 0 && padded != 1)
56
57 auto bc = Botan::BlockCipher::create_or_throw(cipher_algo);
58 bc->set_key(kek, kek_len);
59
61
62 if(padded == 0)
63 output = Botan::nist_key_unwrap(wrapped_key, wrapped_key_len, *bc);
64 else
65 output = Botan::nist_key_unwrap_padded(wrapped_key, wrapped_key_len, *bc);
66
67 return write_vec_output(key, key_len, output);
68 });
69#else
70 BOTAN_UNUSED(cipher_algo, padded, key, key_len, kek, kek_len, wrapped_key, wrapped_key_len);
72#endif
73 }
74
75int botan_key_wrap3394(const uint8_t key[], size_t key_len,
76 const uint8_t kek[], size_t kek_len,
77 uint8_t wrapped_key[], size_t* wrapped_key_len)
78 {
79 std::string cipher_name = "AES-" + std::to_string(8*kek_len);
80
81 return botan_nist_kw_enc(cipher_name.c_str(), 0,
82 key, key_len,
83 kek, kek_len,
84 wrapped_key, wrapped_key_len);
85 }
86
87int botan_key_unwrap3394(const uint8_t wrapped_key[], size_t wrapped_key_len,
88 const uint8_t kek[], size_t kek_len,
89 uint8_t key[], size_t* key_len)
90 {
91 std::string cipher_name = "AES-" + std::to_string(8*kek_len);
92
93 return botan_nist_kw_dec(cipher_name.c_str(), 0,
94 wrapped_key, wrapped_key_len,
95 kek, kek_len,
96 key, key_len);
97 }
98
99}
#define BOTAN_UNUSED(...)
Definition: assert.h:141
static std::unique_ptr< BlockCipher > create_or_throw(std::string_view algo_spec, std::string_view provider="")
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition: ffi.h:91
int botan_nist_kw_enc(const char *cipher_algo, int padded, const uint8_t key[], size_t key_len, const uint8_t kek[], size_t kek_len, uint8_t wrapped_key[], size_t *wrapped_key_len)
Definition: ffi_keywrap.cpp:20
int botan_key_unwrap3394(const uint8_t wrapped_key[], size_t wrapped_key_len, const uint8_t kek[], size_t kek_len, uint8_t key[], size_t *key_len)
Definition: ffi_keywrap.cpp:87
int botan_key_wrap3394(const uint8_t key[], size_t key_len, const uint8_t kek[], size_t kek_len, uint8_t wrapped_key[], size_t *wrapped_key_len)
Definition: ffi_keywrap.cpp:75
int botan_nist_kw_dec(const char *cipher_algo, int padded, const uint8_t wrapped_key[], size_t wrapped_key_len, const uint8_t kek[], size_t kek_len, uint8_t key[], size_t *key_len)
Definition: ffi_keywrap.cpp:47
int ffi_guard_thunk(const char *func_name, const std::function< int()> &thunk)
Definition: ffi.cpp:120
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:214
std::vector< uint8_t > nist_key_wrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
secure_vector< uint8_t > nist_key_unwrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
secure_vector< uint8_t > nist_key_unwrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)