View Source rfc3394 (rfc3394 v1.0.1)
Implementation of Advanced Encryption Standard (AES) Key Wrap Algorithm as defined in https://datatracker.ietf.org/doc/html/rfc3394.html.
Summary
Types
at least two 64 bit blocks ciphertext
64 bit Initial Value
128 bit or 192 bit or 256 bit AES key
at least one 64 bit block of plaintext
Functions
unwrap Ciphertext with KEK and check KeyData integrity with default
initial value (IV)
unwrap Ciphertext with KEK and check KeyData integrity with IV
wrap KeyData with KEK and default initial value (IV)
wrap KeyData with KEK and IV
Types
-type ciphertext() :: <<_:128, _:_*64>>.
at least two 64 bit blocks ciphertext
-type iv() :: <<_:64>>.
64 bit Initial Value
-type kek() :: <<_:128>> | <<_:192>> | <<_:256>>.
128 bit or 192 bit or 256 bit AES key
-type keyData() :: <<_:64, _:_*64>>.
at least one 64 bit block of plaintext
Functions
-spec unwrap(ciphertext(), kek()) -> keyData().
unwrap Ciphertext with KEK and check KeyData integrity with default
initial value (IV)
the resulting KeyData 8 bytes smaller than Ciphertext
Will raise an exception of class error with reason iv_mismatch if the
integrity check fails.
-spec unwrap(ciphertext(), kek(), iv()) -> keyData().
unwrap Ciphertext with KEK and check KeyData integrity with IV
the resulting KeyData 8 bytes smaller than Ciphertext
Will raise an exception of class error with reason iv_mismatch if the
integrity check fails.
see: https://datatracker.ietf.org/doc/html/rfc3394.txt#section-2.2.2 and https://datatracker.ietf.org/doc/html/rfc3394.txt#section-2.2.3
-spec wrap(keyData(), kek()) -> ciphertext().
wrap KeyData with KEK and default initial value (IV)
the resulting Ciphertext 8 bytes larger than KeyData
-spec wrap(keyData(), kek(), iv()) -> ciphertext().
wrap KeyData with KEK and IV
the resulting Ciphertext 8 bytes larger than KeyData
see: https://datatracker.ietf.org/doc/html/rfc3394.txt#section-2.2.1