Software APIs
sw
device
lib
crypto
impl
aes_kwp
aes_kwp.h
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
5
#ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_AES_KWP_AES_KWP_H_
6
#define OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_AES_KWP_AES_KWP_H_
7
8
#include <
stddef.h
>
9
#include <
stdint.h
>
10
11
#include "
sw/device/lib/base/hardened.h
"
12
#include "
sw/device/lib/base/macros.h
"
13
#include "sw/device/lib/crypto/drivers/aes.h"
14
15
#ifdef __cplusplus
16
extern
"C"
{
17
#endif
// __cplusplus
18
19
/**
20
* AES Key Wrapping with Padding (KWP) authenticated encryption.
21
*
22
* As defined by NIST SP800-38F (section 6.3, algorithm 5).
23
*
24
* The cipher block mode for the AES key should be ECB, since AES-KWP does not
25
* use an IV.
26
*
27
* The key material must be aligned to 32-bit word boundaries for hardening
28
* purposes. The length is still given in bytes, and bytes higher than the
29
* length are ignored (although they may be copied, so they should not be
30
* uninitialized). The plaintext must be at least 16 bytes long, and must be
31
* shorter than 2^32 bytes.
32
*
33
* The ciphertext buffer must be long enough to hold the *padded* version of
34
* the plaintext; this means the length should be rounded up to the next
35
* multiple of 64 bits. If the key length is a multiple of 64 bits, then the
36
* ciphertext and plaintext should be the same length.
37
*
38
* @param kek Key encryption key, AES key to encrypt with.
39
* @param plaintext Key material to wrap.
40
* @param plaintext_len Plaintext length in bytes.
41
* @param[out] ciphertext Output buffer.
42
* @return Error status; OK if no errors
43
*/
44
OT_WARN_UNUSED_RESULT
45
status_t
aes_kwp_wrap(
const
aes_key_t
kek,
const
uint32_t *plaintext,
46
const
size_t
plaintext_len, uint32_t *ciphertext);
47
48
/**
49
* AES Key Wrapping with Padding (KWP) authenticated decryption.
50
*
51
* As defined by NIST SP800-38F (section 6.3, algorithm 6).
52
*
53
* The cipher block mode for the AES key should be ECB, since AES-KWP does not
54
* use an IV.
55
*
56
* The key material must be aligned to 32-bit word boundaries for hardening
57
* purposes. The length is still given in bytes and bytes higher than the given
58
* length are ignored (although they may be copied, so they should not be
59
* uninitialized). The ciphertext must be at least 24 bytes long, and must be
60
* shorter than 2^32 bytes.
61
*
62
* The output buffer should be the same length as the ciphertext, even if the
63
* plaintext is not expected to be as long; this is because the implementation
64
* will internally use it as a working buffer.
65
*
66
* An OK status from this routine does NOT mean that the unwrapping succeeded,
67
* only that there were no errors during execution. The caller must check both
68
* the returned status and the `success` parameter before reading the
69
* plaintext.
70
*
71
* @param kek Key encryption key, AES key to decrypt with.
72
* @param ciphertext Key material to unwrap.
73
* @param ciphertext_len Ciphertext length in bytes.
74
* @param[out] success Whether the ciphertext was valid.
75
* @param[out] plaintext Output buffer, same length as ciphertext
76
* @return Error status; OK if no errors
77
*/
78
OT_WARN_UNUSED_RESULT
79
status_t
aes_kwp_unwrap(
const
aes_key_t
kek,
const
uint32_t *ciphertext,
80
const
size_t
ciphertext_len,
hardened_bool_t
*success,
81
uint32_t *plaintext);
82
83
#ifdef __cplusplus
84
}
// extern "C"
85
#endif
// __cplusplus
86
87
#endif
// OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_AES_KWP_AES_KWP_H_
Return to
OpenTitan Documentation
