• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * \file nist_kw.h
3  *
4  * \brief This file provides an API for key wrapping (KW) and key wrapping with
5  *        padding (KWP) as defined in NIST SP 800-38F.
6  *        https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
7  *
8  *        Key wrapping specifies a deterministic authenticated-encryption mode
9  *        of operation, according to <em>NIST SP 800-38F: Recommendation for
10  *        Block Cipher Modes of Operation: Methods for Key Wrapping</em>. Its
11  *        purpose is to protect cryptographic keys.
12  *
13  *        Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
14  *        https://tools.ietf.org/html/rfc3394
15  *        https://tools.ietf.org/html/rfc5649
16  *
17  */
18 /*
19  *  Copyright The Mbed TLS Contributors
20  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
21  */
22 
23 #ifndef MBEDTLS_NIST_KW_H
24 #define MBEDTLS_NIST_KW_H
25 
26 #if !defined(MBEDTLS_CONFIG_FILE)
27 #include "mbedtls/config.h"
28 #else
29 #include MBEDTLS_CONFIG_FILE
30 #endif
31 
32 #include "mbedtls/cipher.h"
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
38 typedef enum {
39     MBEDTLS_KW_MODE_KW = 0,
40     MBEDTLS_KW_MODE_KWP = 1
41 } mbedtls_nist_kw_mode_t;
42 
43 #if !defined(MBEDTLS_NIST_KW_ALT)
44 // Regular implementation
45 //
46 
47 /**
48  * \brief    The key wrapping context-type definition. The key wrapping context is passed
49  *           to the APIs called.
50  *
51  * \note     The definition of this type may change in future library versions.
52  *           Don't make any assumptions on this context!
53  */
54 typedef struct {
55     mbedtls_cipher_context_t cipher_ctx;    /*!< The cipher context used. */
56 } mbedtls_nist_kw_context;
57 
58 #else  /* MBEDTLS_NIST_key wrapping_ALT */
59 #include "nist_kw_alt.h"
60 #endif /* MBEDTLS_NIST_KW_ALT */
61 
62 /**
63  * \brief           This function initializes the specified key wrapping context
64  *                  to make references valid and prepare the context
65  *                  for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
66  *
67  * \param ctx       The key wrapping context to initialize.
68  *
69  */
70 void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx);
71 
72 /**
73  * \brief           This function initializes the key wrapping context set in the
74  *                  \p ctx parameter and sets the encryption key.
75  *
76  * \param ctx       The key wrapping context.
77  * \param cipher    The 128-bit block cipher to use. Only AES is supported.
78  * \param key       The Key Encryption Key (KEK).
79  * \param keybits   The KEK size in bits. This must be acceptable by the cipher.
80  * \param is_wrap   Specify whether the operation within the context is wrapping or unwrapping
81  *
82  * \return          \c 0 on success.
83  * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
84  * \return          \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
85  *                  which are not supported.
86  * \return          cipher-specific error code on failure of the underlying cipher.
87  */
88 int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
89                            mbedtls_cipher_id_t cipher,
90                            const unsigned char *key,
91                            unsigned int keybits,
92                            const int is_wrap);
93 
94 /**
95  * \brief   This function releases and clears the specified key wrapping context
96  *          and underlying cipher sub-context.
97  *
98  * \param ctx       The key wrapping context to clear.
99  */
100 void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx);
101 
102 /**
103  * \brief           This function encrypts a buffer using key wrapping.
104  *
105  * \param ctx       The key wrapping context to use for encryption.
106  * \param mode      The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
107  * \param input     The buffer holding the input data.
108  * \param in_len    The length of the input data in Bytes.
109  *                  The input uses units of 8 Bytes called semiblocks.
110  *                  <ul><li>For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive. </li>
111  *                  <li>For KWP mode: any length between 1 and 2^32-1 inclusive.</li></ul>
112  * \param[out] output    The buffer holding the output data.
113  *                  <ul><li>For KW mode: Must be at least 8 bytes larger than \p in_len.</li>
114  *                  <li>For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of
115  *                  8 bytes for KWP (15 bytes at most).</li></ul>
116  * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
117  * \param[in] out_size The capacity of the output buffer.
118  *
119  * \return          \c 0 on success.
120  * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
121  * \return          cipher-specific error code on failure of the underlying cipher.
122  */
123 int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
124                          const unsigned char *input, size_t in_len,
125                          unsigned char *output, size_t *out_len, size_t out_size);
126 
127 /**
128  * \brief           This function decrypts a buffer using key wrapping.
129  *
130  * \param ctx       The key wrapping context to use for decryption.
131  * \param mode      The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
132  * \param input     The buffer holding the input data.
133  * \param in_len    The length of the input data in Bytes.
134  *                  The input uses units of 8 Bytes called semiblocks.
135  *                  The input must be a multiple of semiblocks.
136  *                  <ul><li>For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive. </li>
137  *                  <li>For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.</li></ul>
138  * \param[out] output    The buffer holding the output data.
139  *                  The output buffer's minimal length is 8 bytes shorter than \p in_len.
140  * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
141  *                  For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
142  *                  depending on how much padding was added to the data.
143  * \param[in] out_size The capacity of the output buffer.
144  *
145  * \return          \c 0 on success.
146  * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
147  * \return          \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
148  * \return          cipher-specific error code on failure of the underlying cipher.
149  */
150 int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
151                            const unsigned char *input, size_t in_len,
152                            unsigned char *output, size_t *out_len, size_t out_size);
153 
154 
155 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
156 /**
157  * \brief          The key wrapping checkup routine.
158  *
159  * \return         \c 0 on success.
160  * \return         \c 1 on failure.
161  */
162 int mbedtls_nist_kw_self_test(int verbose);
163 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
164 
165 #ifdef __cplusplus
166 }
167 #endif
168 
169 #endif /* MBEDTLS_NIST_KW_H */
170