authorJack Lloyd <[email protected]>2017-07-31 10:25:25 -0400
committerJack Lloyd <[email protected]>2017-07-31 10:25:25 -0400
commit274fe964858102c7e0d9077dacb882fa495980e3 (patch)
tree656428d356bd67bfa4591aee4989099519b182d2 /src
parent40f399c920c3516d66cbea977f1d38e55a1f7fb1 (diff)
parent240797c3558407283c16e6111e6a4b0dbca40e2a (diff)
Merge GH #1135 Add RFC 3394 keywrap to FFI
Diffstat (limited to 'src')
-rw-r--r--src/lib/ffi/ffi.cpp46
-rw-r--r--src/lib/ffi/ffi.h11
2 files changed, 57 insertions, 0 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index d99569778..d5bbe4896 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -90,6 +90,10 @@
#include <botan/tls_server.h>
#endif
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ #include <botan/rfc3394.h>
+#endif
+
namespace {
#define BOTAN_ASSERT_ARG_NON_NULL(p) \
@@ -2665,6 +2669,48 @@ int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
}
}
+int botan_key_wrap3394( uint8_t key[], size_t key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t wrapped_key[], size_t *wrapped_key_len)
+{
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ try
+ {
+ const Botan::SymmetricKey kek_sym(kek, kek_len);
+ const Botan::secure_vector<uint8_t> key_pt(key, key + key_len);
+ const Botan::secure_vector<uint8_t> key_ct = Botan::rfc3394_keywrap(key_pt, kek_sym);
+ return write_vec_output(wrapped_key, wrapped_key_len, key_ct);
+ }
+ catch(std::exception &e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+int botan_key_unwrap3394( uint8_t wrapped_key[], size_t wrapped_key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t key[], size_t *key_len)
+{
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ try
+ {
+ const Botan::SymmetricKey kek_sym(kek, kek_len);
+ const Botan::secure_vector<uint8_t> key_ct(wrapped_key, wrapped_key + wrapped_key_len);
+ const Botan::secure_vector<uint8_t> key_pt = Botan::rfc3394_keyunwrap(key_ct, kek_sym);
+ return write_vec_output(key, key_len, key_pt);
+ }
+ catch(std::exception &e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
/*
int botan_tls_channel_init_client(botan_tls_channel_t* channel,
botan_tls_channel_output_fn output_fn,
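Review bot: Neither botan_key_wrap3394 nor botan_key_unwrap3394 validates its pointer arguments before use, so a NULL `key` or `wrapped_key` with a non-zero length is read directly when the `secure_vector` is built from `key, key + key_len`; the same applies to `kek`. These functions form an FFI boundary that is called from other languages, so the check belongs here rather than being left to each binding. The file already defines `BOTAN_ASSERT_ARG_NON_NULL` (visible in the first hunk); if that macro reports by throwing, which cannot be seen from here, it should sit inside the `try`, e.g. `BOTAN_ASSERT_ARG_NON_NULL(kek);` and `BOTAN_ASSERT_ARG_NON_NULL(key);`. A check on the length pointer is also needed unless `write_vec_output` already rejects a NULL length, which this page does not show.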
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index 4a7723974..cbe883f8d 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -1049,6 +1049,17 @@ enum botan_x509_cert_key_constraints {
BOTAN_DLL int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage);
+/**
+ * Key wrapping as per RFC 3394
+ */
+BOTAN_DLL int botan_key_wrap3394(uint8_t key[], size_t key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t wrapped_key[], size_t *wrapped_key_len);
+
+BOTAN_DLL int botan_key_unwrap3394( uint8_t wrapped_key[], size_t wrapped_key_len,
+ uint8_t kek[], size_t kek_len,
+ uint8_t key[], size_t *key_len);
+
/*
* TLS (WIP)
*/
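Review bot: The doc comment on botan_key_wrap3394 does not say that `wrapped_key_len` is an in/out parameter or how large the output buffer must be, and botan_key_unwrap3394 has no comment at all. A caller needs to know that the length pointer carries the buffer capacity on entry and the number of bytes written on return (inferred from the `write_vec_output` call in ffi.cpp, so confirm), and that RFC 3394 wrapping produces output 8 bytes longer than the input key. I would add to the wrap comment a line such as `* @param wrapped_key_len in: capacity of wrapped_key, out: bytes written (key_len + 8)` and give unwrap a matching comment that also states a failed integrity check is reported through the error return. The read-only inputs `key`, `kek` and, in unwrap, `wrapped_key` could be declared `const uint8_t[]` here and in ffi.cpp, so callers holding const key material need no cast.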