7#include <botan/nist_keywrap.h>
9#include <botan/block_cipher.h>
10#include <botan/exceptn.h>
11#include <botan/internal/loadstor.h>
17std::vector<uint8_t> raw_nist_key_wrap(
const uint8_t input[],
size_t input_len,
const BlockCipher& bc, uint64_t ICV) {
18 const size_t n = (input_len + 7) / 8;
27 for(
size_t j = 0; j <= 5; ++j) {
28 for(
size_t i = 1; i <= n; ++i) {
29 const uint32_t t =
static_cast<uint32_t
>((n * j) + i);
36 uint8_t t_buf[4] = {0};
44 return std::vector<uint8_t>(R.begin(), R.end());
49 const BlockCipher& bc,
51 if(input_len < 16 || input_len % 8 != 0) {
52 throw Invalid_Argument(
"Bad input size for NIST key unwrap");
55 const size_t n = (input_len - 8) / 8;
60 for(
size_t i = 0; i != 8; ++i) {
64 copy_mem(R.data(), input + 8, input_len - 8);
66 for(
size_t j = 0; j <= 5; ++j) {
67 for(
size_t i = n; i != 0; --i) {
68 const uint32_t t =
static_cast<uint32_t
>((5 - j) * n + i);
70 uint8_t t_buf[4] = {0};
95 if(input_len % 8 != 0) {
99 const uint64_t ICV = 0xA6A6A6A6A6A6A6A6;
106 std::vector<uint8_t> block(16);
108 copy_mem(block.data() + 8, input, input_len);
112 return raw_nist_key_wrap(input, input_len, bc, ICV);
118 throw Invalid_Argument(
"NIST key wrap algorithm requires a 128-bit cipher");
121 if(input_len < 16 || input_len % 8 != 0) {
125 const uint64_t ICV = 0xA6A6A6A6A6A6A6A6;
127 uint64_t ICV_out = 0;
130 if(input_len == 16) {
136 copy_mem(R.data(), block.data() + 8, 8);
138 R = raw_nist_key_unwrap(input, input_len, bc, ICV_out);
150 throw Invalid_Argument(
"NIST key wrap algorithm requires a 128-bit cipher");
153 const uint64_t ICV = 0xA65959A600000000 |
static_cast<uint32_t
>(input_len);
159 std::vector<uint8_t> block(16);
161 copy_mem(block.data() + 8, input, input_len);
165 return raw_nist_key_wrap(input, input_len, bc, ICV);
171 throw Invalid_Argument(
"NIST key wrap algorithm requires a 128-bit cipher");
174 if(input_len < 16 || input_len % 8 != 0) {
178 uint64_t ICV_out = 0;
181 if(input_len == 16) {
187 copy_mem(R.data(), block.data() + 8, 8);
189 R = raw_nist_key_unwrap(input, input_len, bc, ICV_out);
192 if((ICV_out >> 32) != 0xA65959A6) {
196 const size_t len = (ICV_out & 0xFFFFFFFF);
198 if(R.size() < 8 || len > R.size() || len <= R.size() - 8) {
202 const size_t padding = R.size() - len;
204 for(
size_t i = 0; i != padding; ++i) {
205 if(R[R.size() - i - 1] != 0) {
210 R.resize(R.size() - padding);
void encrypt(const uint8_t in[], uint8_t out[]) const
void decrypt(const uint8_t in[], uint8_t out[]) const
virtual size_t block_size() const =0
std::vector< uint8_t > nist_key_wrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
secure_vector< uint8_t > nist_key_unwrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
std::vector< T, secure_allocator< T > > secure_vector
constexpr void copy_mem(T *out, const T *in, size_t n)
constexpr auto store_be(ParamTs &&... params)
constexpr auto load_be(ParamTs &&... params)
secure_vector< uint8_t > nist_key_unwrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)