authorKrzysztof Kwiatkowski <[email protected]>2017-06-29 23:20:08 +0100
committerKrzysztof Kwiatkowski <[email protected]>2017-06-29 23:20:56 +0100
commitd11a550415f1c359cd483c1992ea04b911fbdc2c (patch)
tree86839715144895ab0834a493270a8e6fa6b32ea0
parent62c94693cb1cf5ddc5e8e43a787561e7d8351258 (diff)
FFI: Add interface for key wrapping with RFC 3394
-rw-r--r--src/lib/ffi/ffi.cpp46
-rw-r--r--src/lib/ffi/ffi.h11
2 files changed, 57 insertions, 0 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index f46d7ec11..44caaddca 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -86,6 +86,10 @@
#include <botan/tls_server.h>
#endif
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ #include <botan/rfc3394.h>
+#endif
+
namespace {
#define BOTAN_ASSERT_ARG_NON_NULL(p) \
@@ -2589,6 +2593,48 @@ int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
}
}
+int botan_key_wrap3394( uint8_t key[], size_t key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t wrapped_key[], size_t *wrapped_key_len)
+{
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ try
+ {
+ const Botan::SymmetricKey kek_sym(kek, kek_len);
+ const Botan::secure_vector<uint8_t> key_pt(key, key + key_len);
+ const Botan::secure_vector<uint8_t> key_ct = Botan::rfc3394_keywrap(key_pt, kek_sym);
+ return write_vec_output(wrapped_key, wrapped_key_len, key_ct);
+ }
+ catch(std::exception &e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+int botan_key_unwrap3394( uint8_t wrapped_key[], size_t wrapped_key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t key[], size_t *key_len)
+{
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ try
+ {
+ const Botan::SymmetricKey kek_sym(kek, kek_len);
+ const Botan::secure_vector<uint8_t> key_ct(wrapped_key, wrapped_key + wrapped_key_len);
+ const Botan::secure_vector<uint8_t> key_pt = Botan::rfc3394_keyunwrap(key_ct, kek_sym);
+ return write_vec_output(key, key_len, key_pt);
+ }
+ catch(std::exception &e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
/*
int botan_tls_channel_init_client(botan_tls_channel_t* channel,
botan_tls_channel_output_fn output_fn,
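Review bot: Neither `botan_key_wrap3394` nor `botan_key_unwrap3394` checks its pointer arguments before use. A null `key`, `kek` or `wrapped_key` with a non-zero length is read while the `SymmetricKey` / `secure_vector` is constructed, which crashes rather than raising something the `catch` can turn into an error code. The file already defines `BOTAN_ASSERT_ARG_NON_NULL` (its body is not visible in this diff); if it behaves as its name suggests, `BOTAN_ASSERT_ARG_NON_NULL(key); BOTAN_ASSERT_ARG_NON_NULL(kek);` as the first statements of each `try` block would cover the inputs. Whether the output pointers are checked depends on `write_vec_output`, which is not shown. Separately, `catch(std::exception &e)` would read better as `catch(const std::exception& e)`, and anything not derived from `std::exception` would still unwind across the C boundary.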
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index a179e5fa4..656b020c1 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -1099,6 +1099,17 @@ BOTAN_DLL int botan_tls_channel_close(botan_tls_channel_t chan);
BOTAN_DLL int botan_tls_channel_destroy(botan_tls_channel_t chan);
+/**
+ * Key wrapping as per RFC 3394
+ */
+BOTAN_DLL int botan_key_wrap3394(uint8_t key[], size_t key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t wrapped_key[], size_t *wrapped_key_len);
+
+BOTAN_DLL int botan_key_unwrap3394( uint8_t wrapped_key[], size_t wrapped_key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t key[], size_t *key_len);
+
#endif
#ifdef __cplusplus
}
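Review bot: The input buffers are declared mutable (`uint8_t key[]`, `uint8_t kek[]`, `uint8_t wrapped_key[]`) although the implementation in ffi.cpp only copies from them. Declaring them `const uint8_t key[], size_t key_len,` and `const uint8_t kek[], size_t kek_len,` (likewise `const uint8_t wrapped_key[]` for unwrap) lets callers pass read-only key material without a cast; the definitions in ffi.cpp need the same change. The doc comment is also attached only to the first declaration and does not state the contract. It should say that `*wrapped_key_len` / `*key_len` is in/out (presumably capacity on entry and bytes written on return, per `write_vec_output`), that RFC 3394 output is 8 bytes longer than the input key, and that a failed integrity check on unwrap is reported through the return code. A short Doxygen block on each function would let binding authors size buffers correctly and handle a rejected wrapped key.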