Botan 2.19.3
Crypto and TLS for C&
rfc3394.cpp
Go to the documentation of this file.
1/*
2* AES Key Wrap (RFC 3394)
3* (C) 2011 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/rfc3394.h>
9#include <botan/nist_keywrap.h>
10#include <botan/block_cipher.h>
11
12namespace Botan {
13
15 const SymmetricKey& kek)
16 {
17 BOTAN_ARG_CHECK(kek.size() == 16 || kek.size() == 24 || kek.size() == 32,
18 "Invalid KEK length for NIST key wrap");
19
20 const std::string cipher_name = "AES-" + std::to_string(8*kek.size());
21 std::unique_ptr<BlockCipher> aes(BlockCipher::create_or_throw(cipher_name));
22 aes->set_key(kek);
23
24 std::vector<uint8_t> wrapped = nist_key_wrap(key.data(), key.size(), *aes);
25 return secure_vector<uint8_t>(wrapped.begin(), wrapped.end());
26 }
27
29 const SymmetricKey& kek)
30 {
31 BOTAN_ARG_CHECK(kek.size() == 16 || kek.size() == 24 || kek.size() == 32,
32 "Invalid KEK length for NIST key wrap");
33
34 BOTAN_ARG_CHECK(key.size() >= 16 && key.size() % 8 == 0,
35 "Bad input key size for NIST key unwrap");
36
37 const std::string cipher_name = "AES-" + std::to_string(8*kek.size());
38 std::unique_ptr<BlockCipher> aes(BlockCipher::create_or_throw(cipher_name));
39 aes->set_key(kek);
40
41 return nist_key_unwrap(key.data(), key.size(), *aes);
42 }
43
44}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:37
static std::unique_ptr< BlockCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
size_t size() const
Definition symkey.h:26
std::vector< uint8_t > nist_key_wrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)
secure_vector< uint8_t > rfc3394_keywrap(const secure_vector< uint8_t > &key, const SymmetricKey &kek)
Definition rfc3394.cpp:14
secure_vector< uint8_t > rfc3394_keyunwrap(const secure_vector< uint8_t > &key, const SymmetricKey &kek)
Definition rfc3394.cpp:28
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
secure_vector< uint8_t > nist_key_unwrap(const uint8_t input[], size_t input_len, const BlockCipher &bc)