/* * Implementation of NIST SP 800-38F key wrapping, supporting KW and KWP modes * only * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Definition of Key Wrapping: * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf * RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm" * RFC 5649 "Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm" * * Note: RFC 3394 defines different methodology for intermediate operations for * the wrapping and unwrapping operation than the definition in NIST SP 800-38F. */ #include "common.h" #if defined(MBEDTLS_NIST_KW_C) #include "mbedtls/nist_kw.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" #include "constant_time_internal.h" #include <stdint.h> #include <string.h> #include "mbedtls/platform.h" #if !defined(MBEDTLS_NIST_KW_ALT) #define KW_SEMIBLOCK_LENGTH … #define MIN_SEMIBLOCKS_COUNT … /*! The 64-bit default integrity check value (ICV) for KW mode. */ static const unsigned char NIST_KW_ICV1[] = …; /*! The 32-bit default integrity check value (ICV) for KWP mode. */ static const unsigned char NIST_KW_ICV2[] = …; /* * Initialize context */ void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx) { … } int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, unsigned int keybits, const int is_wrap) { … } /* * Free context */ void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx) { … } /* * Helper function for Xoring the uint64_t "t" with the encrypted A. * Defined in NIST SP 800-38F section 6.1 */ static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) { … } /* * KW-AE as defined in SP 800-38F section 6.2 * KWP-AE as defined in SP 800-38F section 6.3 */ int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, const unsigned char *input, size_t in_len, unsigned char *output, size_t *out_len, size_t out_size) { … } /* * W-1 function as defined in RFC 3394 section 2.2.2 * This function assumes the following: * 1. Output buffer is at least of size ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH. * 2. The input buffer is of size semiblocks * KW_SEMIBLOCK_LENGTH. * 3. Minimal number of semiblocks is 3. * 4. A is a buffer to hold the first semiblock of the input buffer. */ static int unwrap(mbedtls_nist_kw_context *ctx, const unsigned char *input, size_t semiblocks, unsigned char A[KW_SEMIBLOCK_LENGTH], unsigned char *output, size_t *out_len) { … } /* * KW-AD as defined in SP 800-38F section 6.2 * KWP-AD as defined in SP 800-38F section 6.3 */ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, const unsigned char *input, size_t in_len, unsigned char *output, size_t *out_len, size_t out_size) { … } #endif /* !MBEDTLS_NIST_KW_ALT */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* * Test vectors taken from NIST * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES#KW */ static const unsigned int key_len[] = …; static const unsigned char kw_key[][32] = …; static const unsigned char kw_msg[][40] = …; static const size_t kw_msg_len[] = …; static const size_t kw_out_len[] = …; static const unsigned char kw_res[][48] = …; static const unsigned char kwp_key[][32] = …; static const unsigned char kwp_msg[][31] = …; static const size_t kwp_msg_len[] = …; static const unsigned char kwp_res[][48] = …; static const size_t kwp_out_len[] = …; int mbedtls_nist_kw_self_test(int verbose) { … } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #endif /* MBEDTLS_NIST_KW_C */
Codebase Browser
godot