author | Krzysztof Kwiatkowski <[email protected]> | 2017-06-29 23:20:08 +0100 |
---|---|---|
committer | Krzysztof Kwiatkowski <[email protected]> | 2017-06-29 23:20:56 +0100 |
commit | d11a550415f1c359cd483c1992ea04b911fbdc2c (patch) | |
tree | 86839715144895ab0834a493270a8e6fa6b32ea0 | |
parent | 62c94693cb1cf5ddc5e8e43a787561e7d8351258 (diff) |
FFI: Add interface for key wrapping with RFC 3394
-rw-r--r-- | src/lib/ffi/ffi.cpp | 46 | ||||
-rw-r--r-- | src/lib/ffi/ffi.h | 11 |
2 files changed, 57 insertions, 0 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index f46d7ec11..44caaddca 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -86,6 +86,10 @@
 #include <botan/tls_server.h>
 #endif
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ #include <botan/rfc3394.h>
+#endif
+
 namespace {
 #define BOTAN_ASSERT_ARG_NON_NULL(p) \
@@ -2589,6 +2593,48 @@ int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
 }
 }
+int botan_key_wrap3394( uint8_t key[], size_t key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t wrapped_key[], size_t *wrapped_key_len)
+{
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ try
+ {
+ const Botan::SymmetricKey kek_sym(kek, kek_len);
+ const Botan::secure_vector<uint8_t> key_pt(key, key + key_len);
+ const Botan::secure_vector<uint8_t> key_ct = Botan::rfc3394_keywrap(key_pt, kek_sym);
+ return write_vec_output(wrapped_key, wrapped_key_len, key_ct);
+ }
+ catch(std::exception &e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+int botan_key_unwrap3394( uint8_t wrapped_key[], size_t wrapped_key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t key[], size_t *key_len)
+{
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ try
+ {
+ const Botan::SymmetricKey kek_sym(kek, kek_len);
+ const Botan::secure_vector<uint8_t> key_ct(wrapped_key, wrapped_key + wrapped_key_len);
+ const Botan::secure_vector<uint8_t> key_pt = Botan::rfc3394_keyunwrap(key_ct, kek_sym);
+ return write_vec_output(key, key_len, key_pt);
+ }
+ catch(std::exception &e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
 /*
 int botan_tls_channel_init_client(botan_tls_channel_t* channel,
 botan_tls_channel_output_fn output_fn,
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index a179e5fa4..656b020c1 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
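Review bot: Neither `botan_key_wrap3394` nor `botan_key_unwrap3394` in ffi.cpp checks its pointer arguments before use, so a null `kek`, a null input buffer with a non-zero length, or a null `size_t*` coming from a C caller is dereferenced instead of being reported as an error; the `try`/`catch` only covers C++ exceptions. The file already has `BOTAN_ASSERT_ARG_NON_NULL` (its first line is visible in the first hunk's context, the body is not), so assuming it reports through an exception, add `BOTAN_ASSERT_ARG_NON_NULL(kek);` and the same for the input buffer and the length pointer as the first statements inside each `try`. The handlers should also catch by const reference, `catch(const std::exception& e)`. On the unwrap path a failed RFC 3394 integrity check appears to reach the caller only through this generic exception return (`ffi_error_exception_thrown` and `write_vec_output` are not shown), so it is worth stating in a comment that on any non-success code the contents of `key` must not be used.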
@@ -1099,6 +1099,17 @@ BOTAN_DLL int botan_tls_channel_close(botan_tls_channel_t chan);
 BOTAN_DLL int botan_tls_channel_destroy(botan_tls_channel_t chan);
+/**
+ * Key wrapping as per RFC 3394
+ */
+BOTAN_DLL int botan_key_wrap3394(uint8_t key[], size_t key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t wrapped_key[], size_t *wrapped_key_len);
+
+BOTAN_DLL int botan_key_unwrap3394( uint8_t wrapped_key[], size_t wrapped_key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t key[], size_t *key_len);
+
 #endif
 #ifdef __cplusplus
 } |
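Review bot: Both declarations take every buffer as mutable `uint8_t[]`, although the ffi.cpp implementations in this commit only read `key`/`kek` when wrapping and `wrapped_key`/`kek` when unwrapping. Declaring those inputs as `const uint8_t key[]`, `const uint8_t kek[]` and `const uint8_t wrapped_key[]`, in the header and in the definitions, lets callers pass read-only key material and makes it obvious which buffer is the output. The doc comment `Key wrapping as per RFC 3394` is attached to the wrap function only and gives no size contract. RFC 3394 requires the input key to be a multiple of 8 bytes and produces output 8 bytes longer than the input, and the `size_t*` argument looks like an in/out capacity/length. Each function should carry a comment stating that contract, the possible return codes, and that the caller is responsible for clearing the unwrapped key buffer after use.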