CommonSymmetricKeywrap.c [plain text]
#include <CommonCrypto/CommonSymmetricKeywrap.h>
#include <CommonCrypto/CommonCryptor.h>
#include "CommonCryptorPriv.h"
#include <AssertMacros.h>
#include "ccdebug.h"
#include <corecrypto/ccwrap.h>
static const uint8_t rfc3394_iv_data[] = {
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
};
const uint8_t * const CCrfc3394_iv = rfc3394_iv_data;
const size_t CCrfc3394_ivLen = sizeof(rfc3394_iv_data);
int
CCSymmetricKeyWrap( CCWrappingAlgorithm __unused algorithm,
const uint8_t *iv __unused, const size_t ivLen __unused,
const uint8_t *kek, size_t kekLen,
const uint8_t *rawKey, size_t rawKeyLen,
uint8_t *wrappedKey, size_t *wrappedKeyLen)
{
CC_DEBUG_LOG("Entering\n");
int err = kCCUnspecifiedError;
const struct ccmode_ecb *ccmode = getCipherMode(kCCAlgorithmAES128, kCCModeECB, kCCEncrypt).ecb;
ccecb_ctx_decl(ccmode->size, ctx);
require_action((kekLen == CCAES_KEY_SIZE_128 ||
kekLen == CCAES_KEY_SIZE_192 ||
kekLen == CCAES_KEY_SIZE_256),
out, err = kCCParamError);
require_action(wrappedKeyLen && (*wrappedKeyLen >= ccwrap_wrapped_size(rawKeyLen)), out, err = kCCParamError);
ccmode->init(ccmode, ctx, kekLen, kek);
require_action(ccwrap_auth_encrypt(ccmode, ctx, rawKeyLen, rawKey, wrappedKeyLen, wrappedKey) == CCERR_OK, out, err = kCCParamError);
err = kCCSuccess;
out:
ccecb_ctx_clear(ccmode->size, ctx);
return err;
}
int
CCSymmetricKeyUnwrap(CCWrappingAlgorithm __unused algorithm,
const uint8_t *iv __unused, const size_t ivLen __unused,
const uint8_t *kek, size_t kekLen,
const uint8_t *wrappedKey, size_t wrappedKeyLen,
uint8_t *rawKey, size_t *rawKeyLen)
{
CC_DEBUG_LOG("Entering\n");
int err = kCCUnspecifiedError;
const struct ccmode_ecb *ccmode = getCipherMode(kCCAlgorithmAES128, kCCModeECB, kCCDecrypt).ecb;
ccecb_ctx_decl(ccmode->size, ctx);
require_action((kekLen == CCAES_KEY_SIZE_128 ||
kekLen == CCAES_KEY_SIZE_192 ||
kekLen == CCAES_KEY_SIZE_256),
out, err = kCCParamError);
require_action(rawKeyLen && (*rawKeyLen >= ccwrap_unwrapped_size(wrappedKeyLen)), out, err = kCCParamError);
ccmode->init(ccmode, ctx, kekLen, kek);
require_action(ccwrap_auth_decrypt(ccmode, ctx, wrappedKeyLen, wrappedKey, rawKeyLen, rawKey) == CCERR_OK, out, err = kCCDecodeError);
err = kCCSuccess;
out:
ccecb_ctx_clear(ccmode->size, ctx);
return err;
}
size_t
CCSymmetricWrappedSize(CCWrappingAlgorithm __unused algorithm, size_t rawKeyLen)
{
CC_DEBUG_LOG("Entering\n");
return ccwrap_wrapped_size(rawKeyLen);
}
size_t
CCSymmetricUnwrappedSize(CCWrappingAlgorithm __unused algorithm, size_t wrappedKeyLen)
{
CC_DEBUG_LOG("Entering\n");
return ccwrap_unwrapped_size(wrappedKeyLen);
}