/* * AES Key Wrap (RFC 3394) * (C) 2011 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include #include namespace Botan { secure_vector rfc3394_keywrap(const secure_vector& key, const SymmetricKey& kek) { if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32) throw Invalid_Argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key wrap"); const std::string cipher_name = "AES-" + std::to_string(8*kek.size()); std::unique_ptr aes(BlockCipher::create_or_throw(cipher_name)); aes->set_key(kek); std::vector wrapped = nist_key_wrap(key.data(), key.size(), *aes); return secure_vector(wrapped.begin(), wrapped.end()); } secure_vector rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek) { if(key.size() < 16 || key.size() % 8 != 0) throw Invalid_Argument("Bad input key size for NIST key unwrap"); if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32) throw Invalid_Argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key unwrap"); const std::string cipher_name = "AES-" + std::to_string(8*kek.size()); std::unique_ptr aes(BlockCipher::create_or_throw(cipher_name)); aes->set_key(kek); return nist_key_unwrap(key.data(), key.size(), *aes); } }