1*12720SWyllys.Ingersoll@Sun.COM /* 2*12720SWyllys.Ingersoll@Sun.COM * CDDL HEADER START 3*12720SWyllys.Ingersoll@Sun.COM * 4*12720SWyllys.Ingersoll@Sun.COM * The contents of this file are subject to the terms of the 5*12720SWyllys.Ingersoll@Sun.COM * Common Development and Distribution License (the "License"). 6*12720SWyllys.Ingersoll@Sun.COM * You may not use this file except in compliance with the License. 7*12720SWyllys.Ingersoll@Sun.COM * 8*12720SWyllys.Ingersoll@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*12720SWyllys.Ingersoll@Sun.COM * or http://www.opensolaris.org/os/licensing. 10*12720SWyllys.Ingersoll@Sun.COM * See the License for the specific language governing permissions 11*12720SWyllys.Ingersoll@Sun.COM * and limitations under the License. 12*12720SWyllys.Ingersoll@Sun.COM * 13*12720SWyllys.Ingersoll@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 14*12720SWyllys.Ingersoll@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*12720SWyllys.Ingersoll@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 16*12720SWyllys.Ingersoll@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 17*12720SWyllys.Ingersoll@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 18*12720SWyllys.Ingersoll@Sun.COM * 19*12720SWyllys.Ingersoll@Sun.COM * CDDL HEADER END 20*12720SWyllys.Ingersoll@Sun.COM */ 21*12720SWyllys.Ingersoll@Sun.COM 22*12720SWyllys.Ingersoll@Sun.COM /* 23*12720SWyllys.Ingersoll@Sun.COM * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 24*12720SWyllys.Ingersoll@Sun.COM */ 25*12720SWyllys.Ingersoll@Sun.COM 26*12720SWyllys.Ingersoll@Sun.COM /* 27*12720SWyllys.Ingersoll@Sun.COM * \file KMSAgentAESKeyWrap.h 28*12720SWyllys.Ingersoll@Sun.COM */ 29*12720SWyllys.Ingersoll@Sun.COM 30*12720SWyllys.Ingersoll@Sun.COM #ifndef KMSAgentAESKeyWrap_H 31*12720SWyllys.Ingersoll@Sun.COM #define KMSAgentAESKeyWrap_H 32*12720SWyllys.Ingersoll@Sun.COM 33*12720SWyllys.Ingersoll@Sun.COM #ifdef WIN32 34*12720SWyllys.Ingersoll@Sun.COM #include <string.h> 35*12720SWyllys.Ingersoll@Sun.COM typedef unsigned char uint8_t; 36*12720SWyllys.Ingersoll@Sun.COM typedef unsigned short uint16_t; 37*12720SWyllys.Ingersoll@Sun.COM typedef unsigned int uint32_t; 38*12720SWyllys.Ingersoll@Sun.COM typedef unsigned long long uint64_t; 39*12720SWyllys.Ingersoll@Sun.COM #endif 40*12720SWyllys.Ingersoll@Sun.COM 41*12720SWyllys.Ingersoll@Sun.COM #ifdef __cplusplus 42*12720SWyllys.Ingersoll@Sun.COM extern "C" { 43*12720SWyllys.Ingersoll@Sun.COM #endif 44*12720SWyllys.Ingersoll@Sun.COM 45*12720SWyllys.Ingersoll@Sun.COM /** 46*12720SWyllys.Ingersoll@Sun.COM * AES Key Wrap (see RFC 3394). No logging is performed since this 47*12720SWyllys.Ingersoll@Sun.COM * functions must execute in a Known Answer Test prior to 48*12720SWyllys.Ingersoll@Sun.COM * #KMSAgent_InitializeLibrary. 49*12720SWyllys.Ingersoll@Sun.COM * @param kek The AES symmetric key-encryption key 50*12720SWyllys.Ingersoll@Sun.COM * @param kek_len The size, in bytes, of the KEK 51*12720SWyllys.Ingersoll@Sun.COM * @param pt The plain text key to be AES key wrapped 52*12720SWyllys.Ingersoll@Sun.COM * @param len The "n" parameter from RFC3394, i.e. the number of 64-bit key data 53*12720SWyllys.Ingersoll@Sun.COM * blocks. For example, with 256 bit plain text keys n=4. 54*12720SWyllys.Ingersoll@Sun.COM * @param ct The resulting AES wrapped key. The size of ct needs to allow 55*12720SWyllys.Ingersoll@Sun.COM * for the 64-bit integrity check value, i.e. sizeof(pt+8) 56*12720SWyllys.Ingersoll@Sun.COM */ 57*12720SWyllys.Ingersoll@Sun.COM void aes_key_wrap (const uint8_t *kek, 58*12720SWyllys.Ingersoll@Sun.COM size_t kek_len, 59*12720SWyllys.Ingersoll@Sun.COM const uint8_t *pt, 60*12720SWyllys.Ingersoll@Sun.COM size_t len, 61*12720SWyllys.Ingersoll@Sun.COM uint8_t *ct); 62*12720SWyllys.Ingersoll@Sun.COM 63*12720SWyllys.Ingersoll@Sun.COM /** 64*12720SWyllys.Ingersoll@Sun.COM * AES Key Unwrap (see RFC 3394). No logging is performed since this 65*12720SWyllys.Ingersoll@Sun.COM * functions must execute in a Known Answer Test prior to 66*12720SWyllys.Ingersoll@Sun.COM * #KMSAgent_InitializeLibrary. 67*12720SWyllys.Ingersoll@Sun.COM * @param kek The AES symmetric key-encryption key 68*12720SWyllys.Ingersoll@Sun.COM * @param kek_len The size, in bytes, of the KEK 69*12720SWyllys.Ingersoll@Sun.COM * @param ct The AES wrapped key. 70*12720SWyllys.Ingersoll@Sun.COM * @param pt The resulting, unwrapped, plain text key. 71*12720SWyllys.Ingersoll@Sun.COM * @param len The "n" parameter from RFC3394, i.e. the number of 64-bit key data 72*12720SWyllys.Ingersoll@Sun.COM * blocks. For example, with 256 bit plain text keys n=4. 73*12720SWyllys.Ingersoll@Sun.COM * @return 0 on success, non-zero otherwise 74*12720SWyllys.Ingersoll@Sun.COM */ 75*12720SWyllys.Ingersoll@Sun.COM int aes_key_unwrap (const uint8_t *kek, 76*12720SWyllys.Ingersoll@Sun.COM size_t kek_len, 77*12720SWyllys.Ingersoll@Sun.COM const uint8_t *ct, 78*12720SWyllys.Ingersoll@Sun.COM uint8_t *pt, 79*12720SWyllys.Ingersoll@Sun.COM size_t len); 80*12720SWyllys.Ingersoll@Sun.COM 81*12720SWyllys.Ingersoll@Sun.COM #ifdef __cplusplus 82*12720SWyllys.Ingersoll@Sun.COM } 83*12720SWyllys.Ingersoll@Sun.COM #endif 84*12720SWyllys.Ingersoll@Sun.COM 85*12720SWyllys.Ingersoll@Sun.COM #endif /* KMSAgentAESKeyWrap_H */ 86