Blame - include/mbedtls/nist_kw.h - mirror/mbed-tls

blob: 94356569942c296ccb96b98a8d89c37245cfcc6a [file] [log] [blame]

Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	1	/**
				2	* \file nist_kw.h
				3	*
				4	* \brief This file provides an API for key wrapping (KW) and key wrapping with
				5	* padding (KWP) as defined in NIST SP 800-38F.
				6	* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
				7	*
				8	* Key wrapping specifies a deterministic authenticated-encryption mode
				9	* of operation, according to <em>NIST SP 800-38F: Recommendation for
				10	* Block Cipher Modes of Operation: Methods for Key Wrapping</em>. Its
				11	* purpose is to protect cryptographic keys.
				12	*
				13	* Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
				14	* https://tools.ietf.org/html/rfc3394
				15	* https://tools.ietf.org/html/rfc5649
				16	*
				17	*/
				18	/*
Bence Szépkúti	a2947ac	2020-08-19 16:37:36 +0200	[diff] [blame]	19	* Copyright The Mbed TLS Contributors
Bence Szépkúti	f744bd7	2020-06-05 13:02:18 +0200	[diff] [blame]	20	* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
				21	*
				22	* This file is provided under the Apache License 2.0, or the
				23	* GNU General Public License v2.0 or later.
				24	*
				25	* **********
				26	* Apache License 2.0:
Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	27	*
				28	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				29	* not use this file except in compliance with the License.
				30	* You may obtain a copy of the License at
				31	*
				32	* http://www.apache.org/licenses/LICENSE-2.0
				33	*
				34	* Unless required by applicable law or agreed to in writing, software
				35	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				36	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				37	* See the License for the specific language governing permissions and
				38	* limitations under the License.
				39	*
Bence Szépkúti	f744bd7	2020-06-05 13:02:18 +0200	[diff] [blame]	40	* **********
				41	*
				42	* **********
				43	* GNU General Public License v2.0 or later:
				44	*
				45	* This program is free software; you can redistribute it and/or modify
				46	* it under the terms of the GNU General Public License as published by
				47	* the Free Software Foundation; either version 2 of the License, or
				48	* (at your option) any later version.
				49	*
				50	* This program is distributed in the hope that it will be useful,
				51	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				52	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				53	* GNU General Public License for more details.
				54	*
				55	* You should have received a copy of the GNU General Public License along
				56	* with this program; if not, write to the Free Software Foundation, Inc.,
				57	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				58	*
				59	* **********
Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	60	*/
				61
				62	#ifndef MBEDTLS_NIST_KW_H
				63	#define MBEDTLS_NIST_KW_H
				64
Ron Eldor	9cbd1b2	2018-12-16 12:14:37 +0200	[diff] [blame]	65	#if !defined(MBEDTLS_CONFIG_FILE)
				66	#include "config.h"
				67	#else
				68	#include MBEDTLS_CONFIG_FILE
				69	#endif
				70
Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	71	#include "cipher.h"
				72
				73	#ifdef __cplusplus
				74	extern "C" {
				75	#endif
				76
				77	typedef enum
				78	{
				79	MBEDTLS_KW_MODE_KW = 0,
				80	MBEDTLS_KW_MODE_KWP = 1
				81	} mbedtls_nist_kw_mode_t;
				82
				83	#if !defined(MBEDTLS_NIST_KW_ALT)
				84	// Regular implementation
				85	//
				86
				87	/**
				88	* \brief The key wrapping context-type definition. The key wrapping context is passed
				89	* to the APIs called.
				90	*
				91	* \note The definition of this type may change in future library versions.
				92	* Don't make any assumptions on this context!
				93	*/
				94	typedef struct {
				95	mbedtls_cipher_context_t cipher_ctx; /!< The cipher context used. /
				96	} mbedtls_nist_kw_context;
				97
				98	#else /* MBEDTLS_NIST_key wrapping_ALT */
				99	#include "nist_kw_alt.h"
				100	#endif /* MBEDTLS_NIST_KW_ALT */
				101
				102	/**
				103	* \brief This function initializes the specified key wrapping context
				104	* to make references valid and prepare the context
				105	* for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
				106	*
				107	* \param ctx The key wrapping context to initialize.
				108	*
				109	*/
				110	void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
				111
				112	/**
				113	* \brief This function initializes the key wrapping context set in the
				114	* \p ctx parameter and sets the encryption key.
				115	*
				116	* \param ctx The key wrapping context.
				117	* \param cipher The 128-bit block cipher to use. Only AES is supported.
				118	* \param key The Key Encryption Key (KEK).
				119	* \param keybits The KEK size in bits. This must be acceptable by the cipher.
				120	* \param is_wrap Specify whether the operation within the context is wrapping or unwrapping
				121	*
				122	* \return \c 0 on success.
				123	* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
				124	* \return \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
				125	* which are not supported.
				126	* \return cipher-specific error code on failure of the underlying cipher.
				127	*/
				128	int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
				129	mbedtls_cipher_id_t cipher,
				130	const unsigned char *key,
				131	unsigned int keybits,
				132	const int is_wrap );
				133
				134	/**
				135	* \brief This function releases and clears the specified key wrapping context
				136	* and underlying cipher sub-context.
				137	*
				138	* \param ctx The key wrapping context to clear.
				139	*/
				140	void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
				141
				142	/**
				143	* \brief This function encrypts a buffer using key wrapping.
				144	*
				145	* \param ctx The key wrapping context to use for encryption.
				146	* \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
				147	* \param input The buffer holding the input data.
				148	* \param in_len The length of the input data in Bytes.
				149	* The input uses units of 8 Bytes called semiblocks.
				150	* <ul><li>For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive. </li>
				151	* <li>For KWP mode: any length between 1 and 2^32-1 inclusive.</li></ul>
				152	* \param[out] output The buffer holding the output data.
				153	* <ul><li>For KW mode: Must be at least 8 bytes larger than \p in_len.</li>
				154	* <li>For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of
				155	* 8 bytes for KWP (15 bytes at most).</li></ul>
				156	* \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
				157	* \param[in] out_size The capacity of the output buffer.
				158	*
				159	* \return \c 0 on success.
				160	* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
				161	* \return cipher-specific error code on failure of the underlying cipher.
				162	*/
				163	int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
				164	const unsigned char *input, size_t in_len,
				165	unsigned char output, size_t out_len, size_t out_size );
				166
				167	/**
				168	* \brief This function decrypts a buffer using key wrapping.
				169	*
				170	* \param ctx The key wrapping context to use for decryption.
				171	* \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
				172	* \param input The buffer holding the input data.
				173	* \param in_len The length of the input data in Bytes.
				174	* The input uses units of 8 Bytes called semiblocks.
				175	* The input must be a multiple of semiblocks.
				176	* <ul><li>For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive. </li>
				177	* <li>For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.</li></ul>
				178	* \param[out] output The buffer holding the output data.
				179	* The output buffer's minimal length is 8 bytes shorter than \p in_len.
				180	* \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
				181	* For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
				182	* depending on how much padding was added to the data.
				183	* \param[in] out_size The capacity of the output buffer.
				184	*
				185	* \return \c 0 on success.
				186	* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
				187	* \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
				188	* \return cipher-specific error code on failure of the underlying cipher.
				189	*/
				190	int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
				191	const unsigned char *input, size_t in_len,
				192	unsigned char output, size_t out_len, size_t out_size);
				193
				194
				195	#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
				196	/**
				197	* \brief The key wrapping checkup routine.
				198	*
				199	* \return \c 0 on success.
				200	* \return \c 1 on failure.
				201	*/
				202	int mbedtls_nist_kw_self_test( int verbose );
				203	#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
				204
				205	#ifdef __cplusplus
				206	}
				207	#endif
				208
				209	#endif /* MBEDTLS_NIST_KW_H */