Blame - include/mbedtls/nist_kw.h - mirror/mbed-tls

blob: f2b9cebf9caf25ccb5c2a3ce484e0ac63892cebe [file] [log] [blame]

Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	1	/**
				2	* \file nist_kw.h
				3	*
				4	* \brief This file provides an API for key wrapping (KW) and key wrapping with
				5	* padding (KWP) as defined in NIST SP 800-38F.
				6	* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
				7	*
				8	* Key wrapping specifies a deterministic authenticated-encryption mode
				9	* of operation, according to <em>NIST SP 800-38F: Recommendation for
				10	* Block Cipher Modes of Operation: Methods for Key Wrapping</em>. Its
				11	* purpose is to protect cryptographic keys.
				12	*
				13	* Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
				14	* https://tools.ietf.org/html/rfc3394
				15	* https://tools.ietf.org/html/rfc5649
				16	*
				17	*/
				18	/*
				19	* Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved
Bence Szépkúti	f744bd7	2020-06-05 13:02:18 +0200	[diff] [blame^]	20	* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
				21	*
				22	* This file is provided under the Apache License 2.0, or the
				23	* GNU General Public License v2.0 or later.
				24	*
				25	* **********
				26	* Apache License 2.0:
Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	27	*
				28	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				29	* not use this file except in compliance with the License.
				30	* You may obtain a copy of the License at
				31	*
				32	* http://www.apache.org/licenses/LICENSE-2.0
				33	*
				34	* Unless required by applicable law or agreed to in writing, software
				35	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				36	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				37	* See the License for the specific language governing permissions and
				38	* limitations under the License.
				39	*
Bence Szépkúti	f744bd7	2020-06-05 13:02:18 +0200	[diff] [blame^]	40	* **********
				41	*
				42	* **********
				43	* GNU General Public License v2.0 or later:
				44	*
				45	* This program is free software; you can redistribute it and/or modify
				46	* it under the terms of the GNU General Public License as published by
				47	* the Free Software Foundation; either version 2 of the License, or
				48	* (at your option) any later version.
				49	*
				50	* This program is distributed in the hope that it will be useful,
				51	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				52	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				53	* GNU General Public License for more details.
				54	*
				55	* You should have received a copy of the GNU General Public License along
				56	* with this program; if not, write to the Free Software Foundation, Inc.,
				57	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				58	*
				59	* **********
				60	*
Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	61	* This file is part of Mbed TLS (https://tls.mbed.org)
				62	*/
				63
				64	#ifndef MBEDTLS_NIST_KW_H
				65	#define MBEDTLS_NIST_KW_H
				66
Ron Eldor	9cbd1b2	2018-12-16 12:14:37 +0200	[diff] [blame]	67	#if !defined(MBEDTLS_CONFIG_FILE)
				68	#include "config.h"
				69	#else
				70	#include MBEDTLS_CONFIG_FILE
				71	#endif
				72
Ron Eldor	466a57f	2018-05-03 16:54:28 +0300	[diff] [blame]	73	#include "cipher.h"
				74
				75	#ifdef __cplusplus
				76	extern "C" {
				77	#endif
				78
				79	typedef enum
				80	{
				81	MBEDTLS_KW_MODE_KW = 0,
				82	MBEDTLS_KW_MODE_KWP = 1
				83	} mbedtls_nist_kw_mode_t;
				84
				85	#if !defined(MBEDTLS_NIST_KW_ALT)
				86	// Regular implementation
				87	//
				88
				89	/**
				90	* \brief The key wrapping context-type definition. The key wrapping context is passed
				91	* to the APIs called.
				92	*
				93	* \note The definition of this type may change in future library versions.
				94	* Don't make any assumptions on this context!
				95	*/
				96	typedef struct {
				97	mbedtls_cipher_context_t cipher_ctx; /!< The cipher context used. /
				98	} mbedtls_nist_kw_context;
				99
				100	#else /* MBEDTLS_NIST_key wrapping_ALT */
				101	#include "nist_kw_alt.h"
				102	#endif /* MBEDTLS_NIST_KW_ALT */
				103
				104	/**
				105	* \brief This function initializes the specified key wrapping context
				106	* to make references valid and prepare the context
				107	* for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
				108	*
				109	* \param ctx The key wrapping context to initialize.
				110	*
				111	*/
				112	void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
				113
				114	/**
				115	* \brief This function initializes the key wrapping context set in the
				116	* \p ctx parameter and sets the encryption key.
				117	*
				118	* \param ctx The key wrapping context.
				119	* \param cipher The 128-bit block cipher to use. Only AES is supported.
				120	* \param key The Key Encryption Key (KEK).
				121	* \param keybits The KEK size in bits. This must be acceptable by the cipher.
				122	* \param is_wrap Specify whether the operation within the context is wrapping or unwrapping
				123	*
				124	* \return \c 0 on success.
				125	* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
				126	* \return \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
				127	* which are not supported.
				128	* \return cipher-specific error code on failure of the underlying cipher.
				129	*/
				130	int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
				131	mbedtls_cipher_id_t cipher,
				132	const unsigned char *key,
				133	unsigned int keybits,
				134	const int is_wrap );
				135
				136	/**
				137	* \brief This function releases and clears the specified key wrapping context
				138	* and underlying cipher sub-context.
				139	*
				140	* \param ctx The key wrapping context to clear.
				141	*/
				142	void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
				143
				144	/**
				145	* \brief This function encrypts a buffer using key wrapping.
				146	*
				147	* \param ctx The key wrapping context to use for encryption.
				148	* \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
				149	* \param input The buffer holding the input data.
				150	* \param in_len The length of the input data in Bytes.
				151	* The input uses units of 8 Bytes called semiblocks.
				152	* <ul><li>For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive. </li>
				153	* <li>For KWP mode: any length between 1 and 2^32-1 inclusive.</li></ul>
				154	* \param[out] output The buffer holding the output data.
				155	* <ul><li>For KW mode: Must be at least 8 bytes larger than \p in_len.</li>
				156	* <li>For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of
				157	* 8 bytes for KWP (15 bytes at most).</li></ul>
				158	* \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
				159	* \param[in] out_size The capacity of the output buffer.
				160	*
				161	* \return \c 0 on success.
				162	* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
				163	* \return cipher-specific error code on failure of the underlying cipher.
				164	*/
				165	int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
				166	const unsigned char *input, size_t in_len,
				167	unsigned char output, size_t out_len, size_t out_size );
				168
				169	/**
				170	* \brief This function decrypts a buffer using key wrapping.
				171	*
				172	* \param ctx The key wrapping context to use for decryption.
				173	* \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
				174	* \param input The buffer holding the input data.
				175	* \param in_len The length of the input data in Bytes.
				176	* The input uses units of 8 Bytes called semiblocks.
				177	* The input must be a multiple of semiblocks.
				178	* <ul><li>For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive. </li>
				179	* <li>For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.</li></ul>
				180	* \param[out] output The buffer holding the output data.
				181	* The output buffer's minimal length is 8 bytes shorter than \p in_len.
				182	* \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
				183	* For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
				184	* depending on how much padding was added to the data.
				185	* \param[in] out_size The capacity of the output buffer.
				186	*
				187	* \return \c 0 on success.
				188	* \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
				189	* \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
				190	* \return cipher-specific error code on failure of the underlying cipher.
				191	*/
				192	int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
				193	const unsigned char *input, size_t in_len,
				194	unsigned char output, size_t out_len, size_t out_size);
				195
				196
				197	#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
				198	/**
				199	* \brief The key wrapping checkup routine.
				200	*
				201	* \return \c 0 on success.
				202	* \return \c 1 on failure.
				203	*/
				204	int mbedtls_nist_kw_self_test( int verbose );
				205	#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
				206
				207	#ifdef __cplusplus
				208	}
				209	#endif
				210
				211	#endif /* MBEDTLS_NIST_KW_H */