From 401965f1e9f74b43c88477d2ff6ac4d6c62ab5a8 Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Tue, 28 Apr 2020 12:11:49 -0400 Subject: The new keywrap core now talks directly to the MKM, so I split the code that talks to that core out of aes_keywrap.c. The HSM will now be built with just the keywrap core, with no user access to aes or mkmif. --- hal.h | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'hal.h') diff --git a/hal.h b/hal.h index a03c891..6ed8c9d 100644 --- a/hal.h +++ b/hal.h @@ -380,8 +380,6 @@ extern const hal_hash_descriptor_t *hal_hmac_get_descriptor(const hal_hmac_state * AES key wrap functions. */ -extern hal_error_t hal_aes_use_keywrap_core(int onoff); - extern hal_error_t hal_aes_keywrap(hal_core_t *core, const uint8_t *kek, const size_t kek_length, const uint8_t *plaintext, const size_t plaintext_length, @@ -394,6 +392,26 @@ extern hal_error_t hal_aes_keyunwrap(hal_core_t *core, extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length); +/* + * New keywrap functions + */ + +extern hal_error_t hal_keywrap_mkm_status(hal_core_t *core); + +extern hal_error_t hal_keywrap_mkm_write(hal_core_t *core, const uint8_t *K, const size_t K_len); + +extern hal_error_t hal_keywrap_mkm_erase(hal_core_t *core, const size_t K_len); + +extern hal_error_t hal_keywrap_wrap(hal_core_t *core, + const uint8_t *kek, const size_t kek_length, + const uint8_t *plaintext, const size_t plaintext_length, + uint8_t *cyphertext, size_t *ciphertext_length); + +extern hal_error_t hal_keywrap_unwrap(hal_core_t *core, + const uint8_t *kek, const size_t kek_length, + const uint8_t *ciphertext, const size_t ciphertext_length, + uint8_t *plaintext, size_t *plaintext_length); + /* * PBKDF2 function. Uses HMAC with the specified digest algorithm as * the pseudo-random function (PRF). -- cgit v1.2.3