diff --git a/aws-lc-rs/src/key_wrap.rs b/aws-lc-rs/src/key_wrap.rs index 21761a88de3..4a033261b89 100644 --- a/aws-lc-rs/src/key_wrap.rs +++ b/aws-lc-rs/src/key_wrap.rs @@ -1,13 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -//! Key Wrap Algorithm [NIST SP 800-38F](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf) +//! Key Wrap Algorithms. //! //! # Examples //! ```rust //! # use std::error::Error; //! # fn main() -> Result<(), Box> { -//! use aws_lc_rs::key_wrap::{KeyEncryptionKey, WrappingMode, AES_128}; +//! use aws_lc_rs::key_wrap::{nist_sp_800_38f::AesKek, KeyWrapPadded, AES_128}; //! //! const KEY: &[u8] = &[ //! 0xa8, 0xe0, 0x6d, 0xa6, 0x25, 0xa6, 0x5b, 0x25, 0xcf, 0x50, 0x30, 0x82, 0x68, 0x30, 0xb6, @@ -15,45 +15,59 @@ //! ]; //! const PLAINTEXT: &[u8] = &[0x43, 0xac, 0xff, 0x29, 0x31, 0x20, 0xdd, 0x5d]; //! -//! let kek = KeyEncryptionKey::new(&AES_128, KEY, WrappingMode::Padded)?; +//! let kek = AesKek::new(&AES_128, KEY)?; //! //! let mut output = vec![0u8; PLAINTEXT.len() + 15]; //! -//! let ciphertext = kek.wrap(PLAINTEXT, &mut output)?; +//! let ciphertext = kek.wrap_with_padding(PLAINTEXT, &mut output)?; //! -//! let kek = KeyEncryptionKey::new(&AES_128, KEY, WrappingMode::Padded)?; +//! let kek = AesKek::new(&AES_128, KEY)?; //! //! let mut output = vec![0u8; ciphertext.len()]; //! -//! let plaintext = kek.unwrap(&*ciphertext, &mut output)?; +//! let plaintext = kek.unwrap_with_padding(&*ciphertext, &mut output)?; //! //! assert_eq!(PLAINTEXT, plaintext); -//! -//! Ok(()) +//! # Ok(()) //! # } //! ``` -use std::{fmt::Debug, mem::MaybeUninit, ptr::null}; - -use aws_lc::{ - AES_set_decrypt_key, AES_set_encrypt_key, AES_unwrap_key, AES_unwrap_key_padded, AES_wrap_key, - AES_wrap_key_padded, AES_KEY, -}; +use core::fmt::Debug; -use crate::{error::Unspecified, fips::indicator_check}; +use crate::{error::Unspecified, sealed::Sealed}; mod tests; -/// The Key Wrapping Algorithm -pub struct Algorithm { - id: AlgorithmId, +/// The Key Wrapping Algorithm Identifier +#[derive(Debug, PartialEq, Eq, Clone, Copy)] +#[non_exhaustive] +pub enum BlockCipherId { + /// AES Block Cipher with 128-bit key. + Aes128, + + /// AES Block Cipher with 256-bit key. + Aes256, +} + +/// A key wrap block cipher. +pub trait BlockCipher: 'static + Debug + Sealed { + /// The block cipher identifier. + fn id(&self) -> BlockCipherId; + + /// The key size in bytes to be used with the block cipher. + fn key_len(&self) -> usize; +} + +/// An AES Block Cipher +pub struct AesBlockCipher { + id: BlockCipherId, key_len: usize, } -impl Algorithm { +impl BlockCipher for AesBlockCipher { /// Returns the algorithm identifier. #[inline] #[must_use] - pub fn id(&self) -> AlgorithmId { + fn id(&self) -> BlockCipherId { self.id } @@ -65,290 +79,346 @@ impl Algorithm { } } -impl Debug for Algorithm { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { +impl Sealed for AesBlockCipher {} + +impl Debug for AesBlockCipher { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> std::fmt::Result { Debug::fmt(&self.id, f) } } -/// The Key Wrapping Algorithm Identifier -#[derive(Debug, PartialEq, Eq, Clone, Copy)] -pub enum AlgorithmId { - /// AES-128 Key Wrap - Aes128, - - /// AES-256 Key Wrap - Aes256, -} - -/// AES-128 Key Wrapping -pub const AES_128: Algorithm = Algorithm { - id: AlgorithmId::Aes128, +/// AES Block Cipher with 128-bit key. +pub const AES_128: AesBlockCipher = AesBlockCipher { + id: BlockCipherId::Aes128, key_len: 16, }; -/// AES-256 Key Wrapping -pub const AES_256: Algorithm = Algorithm { - id: AlgorithmId::Aes256, +/// AES Block Cipher with 256-bit key. +pub const AES_256: AesBlockCipher = AesBlockCipher { + id: BlockCipherId::Aes256, key_len: 32, }; -/// The mode of operation for the wrapping algorithm. -#[derive(Debug, PartialEq, Eq, Clone, Copy)] -pub enum WrappingMode { - /// Key Wrap with Padding - Padded, +/// A Key Wrap (KW) algorithm implementation. +#[allow(clippy::module_name_repetitions)] +pub trait KeyWrap: Sealed { + /// Peforms the key wrap encryption algorithm using a block cipher. + /// It wraps `plaintext` and writes the corresponding ciphertext to `output`. + /// + /// # Errors + /// * [`Unspecified`]: Any error that has occurred performing the operation. + fn wrap<'output>( + self, + plaintext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified>; - /// Key Wrap - Unpadded, + /// Peforms the key wrap decryption algorithm using a block cipher. + /// It unwraps `ciphertext` and writes the corresponding plaintext to `output`. + /// + /// # Errors + /// * [`Unspecified`]: Any error that has occurred performing the operation. + fn unwrap<'output>( + self, + ciphertext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified>; } -impl WrappingMode { - fn wrap<'output>( +/// A Key Wrap with Padding (KWP) algorithm implementation. +#[allow(clippy::module_name_repetitions)] +pub trait KeyWrapPadded: Sealed { + /// Peforms the key wrap padding encryption algorithm using a block cipher. + /// It wraps and pads `plaintext` writes the corresponding ciphertext to `output`. + /// + /// # Errors + /// * [`Unspecified`]: Any error that has occurred performing the operation. + fn wrap_with_padding<'output>( self, - key: &[u8], - input: &[u8], + plaintext: &[u8], output: &'output mut [u8], - ) -> Result<&'output mut [u8], Unspecified> { - // For most checks we can count on AWS-LC, but in this instance - // it expects that output is sufficiently sized. So we must check it here. - if self == WrappingMode::Unpadded && output.len() < input.len() + 8 { - return Err(Unspecified); - } + ) -> Result<&'output mut [u8], Unspecified>; - let mut aes_key = MaybeUninit::::uninit(); + /// Peforms the key wrap padding decryption algorithm using a block cipher. + /// It unwraps the padded `ciphertext` and writes the corresponding plaintext to `output`. + /// + /// # Errors + /// * [`Unspecified`]: Any error that has occurred performing the operation. + fn unwrap_with_padding<'output>( + self, + ciphertext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified>; +} - let key_bits: u32 = (key.len() * 8).try_into().map_err(|_| Unspecified)?; +/// NIST SP 800-38F key-wrap algorithms. +/// +/// The NIST specification is similar to that of RFC 3394 but with the following caveats: +/// * Specifies a maxiumum plaintext length that can be accepted. +/// * Allows implementations to specify a subset of valid lengths accepted. +/// * Allows for the usage of other 128-bit block ciphers other than AES. +pub mod nist_sp_800_38f { + use super::{AesBlockCipher, BlockCipher, BlockCipherId, KeyWrap, KeyWrapPadded}; + use crate::{error::Unspecified, fips::indicator_check, sealed::Sealed}; + use aws_lc::{ + AES_set_decrypt_key, AES_set_encrypt_key, AES_unwrap_key, AES_unwrap_key_padded, + AES_wrap_key, AES_wrap_key_padded, AES_KEY, + }; + use core::{fmt::Debug, mem::MaybeUninit, ptr::null}; + + /// AES Key Encryption Key. + pub type AesKek = KeyEncryptionKey; + + /// The key-encryption key used with the selected cipher algorithn to wrap or unwrap a key. + pub struct KeyEncryptionKey { + cipher: &'static Cipher, + key: Box<[u8]>, + } - if 0 != unsafe { AES_set_encrypt_key(key.as_ptr(), key_bits, aes_key.as_mut_ptr()) } { - return Err(Unspecified); + impl KeyEncryptionKey { + /// Construct a new Key Encryption Key. + /// + /// # Errors + /// * [`Unspecified`]: Any error that occurs constructing the key encryption key. + pub fn new(cipher: &'static Cipher, key: &[u8]) -> Result { + if key.len() != cipher.key_len() { + return Err(Unspecified); + } + + let key = Vec::from(key).into_boxed_slice(); + + Ok(Self { cipher, key }) } - let aes_key = unsafe { aes_key.assume_init() }; - - let out_len = match self { - WrappingMode::Padded => { - let mut out_len: usize = 0; - - // AWS-LC validates the following: - // * in_len != 0 - // * in_len <= INT_MAX - // * max_out >= required_padding + 8 - if 1 != indicator_check!(unsafe { - AES_wrap_key_padded( - &aes_key, - output.as_mut_ptr(), - &mut out_len, - output.len(), - input.as_ptr(), - input.len(), - ) - }) { - return Err(Unspecified); - } - - out_len + /// Returns the block cipher algorithm identifier configured for the key. + #[must_use] + pub fn block_cipher_id(&self) -> BlockCipherId { + self.cipher.id() + } + } + + impl Sealed for KeyEncryptionKey {} + + impl KeyWrap for KeyEncryptionKey { + /// Peforms the key wrap encryption algorithm using `KeyEncryptionKey`'s configured block cipher. + /// It wraps `plaintext` and writes the corresponding ciphertext to `output`. + /// + /// # Validation + /// * `plaintext.len()` must be a multiple of eight + /// * `output.len() >= (input.len() + 8)` + /// + /// # Errors + /// * [`Unspecified`]: An error occurred either due to `output` being insufficiently sized, `input` exceeding + /// the allowed input size, or for other unspecified reasons. + fn wrap<'output>( + self, + plaintext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified> { + if output.len() < plaintext.len() + 8 { + return Err(Unspecified); } - WrappingMode::Unpadded => { - // AWS-LC validates the following: - // * in_len <= INT_MAX - 8 - // * in_len >= 16 - // * in_len % 8 == 0 - let out_len = indicator_check!(unsafe { - AES_wrap_key( - &aes_key, - null(), - output.as_mut_ptr(), - input.as_ptr(), - input.len(), - ) - }); - - if out_len == -1 { - return Err(Unspecified); - } - - let out_len: usize = out_len.try_into().map_err(|_| Unspecified)?; - - debug_assert_eq!(out_len, input.len() + 8); - - out_len + + let mut aes_key = MaybeUninit::::uninit(); + + let key_bits: u32 = (self.key.len() * 8).try_into().map_err(|_| Unspecified)?; + + if 0 != unsafe { + AES_set_encrypt_key(self.key.as_ptr(), key_bits, aes_key.as_mut_ptr()) + } { + return Err(Unspecified); } - }; - Ok(&mut output[..out_len]) - } + let aes_key = unsafe { aes_key.assume_init() }; + + // AWS-LC validates the following: + // * in_len <= INT_MAX - 8 + // * in_len >= 16 + // * in_len % 8 == 0 + let out_len = indicator_check!(unsafe { + AES_wrap_key( + &aes_key, + null(), + output.as_mut_ptr(), + plaintext.as_ptr(), + plaintext.len(), + ) + }); + + if out_len == -1 { + return Err(Unspecified); + } - fn unwrap<'output>( - self, - key: &[u8], - input: &[u8], - output: &'output mut [u8], - ) -> Result<&'output mut [u8], Unspecified> { - if self == WrappingMode::Unpadded && output.len() < input.len() - 8 { - return Err(Unspecified); - } + let out_len: usize = out_len.try_into().map_err(|_| Unspecified)?; - let mut aes_key = MaybeUninit::::uninit(); + debug_assert_eq!(out_len, plaintext.len() + 8); - if 0 != unsafe { - AES_set_decrypt_key( - key.as_ptr(), - (key.len() * 8).try_into().map_err(|_| Unspecified)?, - aes_key.as_mut_ptr(), - ) - } { - return Err(Unspecified); + Ok(&mut output[..out_len]) } - let aes_key = unsafe { aes_key.assume_init() }; - - let out_len = match self { - WrappingMode::Padded => { - let mut out_len: usize = 0; - - // AWS-LC validates the following: - // * in_len >= AES_BLOCK_SIZE - // * max_out >= in_len - 8 - if 1 != indicator_check!(unsafe { - AES_unwrap_key_padded( - &aes_key, - output.as_mut_ptr(), - &mut out_len, - output.len(), - input.as_ptr(), - input.len(), - ) - }) { - return Err(Unspecified); - }; - - out_len - } - WrappingMode::Unpadded => { - // AWS-LC validates the following: - // * in_len < INT_MAX - // * in_len > 24 - // * in_len % 8 == 0 - let out_len = indicator_check!(unsafe { - AES_unwrap_key( - &aes_key, - null(), - output.as_mut_ptr(), - input.as_ptr(), - input.len(), - ) - }); - - if out_len == -1 { - return Err(Unspecified); - } - - let out_len: usize = out_len.try_into().map_err(|_| Unspecified)?; - - debug_assert_eq!(out_len, input.len() - 8); - - out_len + /// Peforms the key wrap decryption algorithm using `KeyEncryptionKey`'s configured block cipher. + /// It unwraps `ciphertext` and writes the corresponding plaintext to `output`. + /// + /// # Validation + /// * `ciphertext.len()` must be a multiple of 8 + /// * `output.len() >= (input.len() - 8)` + /// + /// # Errors + /// * [`Unspecified`]: An error occurred either due to `output` being insufficiently sized, `input` exceeding + /// the allowed input size, or for other unspecified reasons. + fn unwrap<'output>( + self, + ciphertext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified> { + if output.len() < ciphertext.len() - 8 { + return Err(Unspecified); } - }; - Ok(&mut output[..out_len]) - } -} + let mut aes_key = MaybeUninit::::uninit(); -/// The key-encryption key used with the selected cipher algorithn to wrap or unwrap a key. -pub struct KeyEncryptionKey { - algorithm: &'static Algorithm, - key: Box<[u8]>, - mode: WrappingMode, -} + if 0 != unsafe { + AES_set_decrypt_key( + self.key.as_ptr(), + (self.key.len() * 8).try_into().map_err(|_| Unspecified)?, + aes_key.as_mut_ptr(), + ) + } { + return Err(Unspecified); + } -impl KeyEncryptionKey { - /// Creates a new `KeyEncryptionKey` using the provider cipher algorithm, key bytes, and wrapping mode. - /// - /// # Errors - /// * [`Unspecified`]: Returned if `key_bytes.len()` does not match the size expected for the provided algorithm. - pub fn new( - algorithm: &'static Algorithm, - key_bytes: &[u8], - mode: WrappingMode, - ) -> Result { - if algorithm.key_len() != key_bytes.len() { - return Err(Unspecified); - } + let aes_key = unsafe { aes_key.assume_init() }; + + // AWS-LC validates the following: + // * in_len < INT_MAX + // * in_len > 24 + // * in_len % 8 == 0 + let out_len = indicator_check!(unsafe { + AES_unwrap_key( + &aes_key, + null(), + output.as_mut_ptr(), + ciphertext.as_ptr(), + ciphertext.len(), + ) + }); + + if out_len == -1 { + return Err(Unspecified); + } - let key = Vec::from(key_bytes).into_boxed_slice(); + let out_len: usize = out_len.try_into().map_err(|_| Unspecified)?; - Ok(Self { - algorithm, - key, - mode, - }) - } + debug_assert_eq!(out_len, ciphertext.len() - 8); - /// Peforms the key wrap encryption algorithm using `KeyEncryptionKey`'s configured cipher algorithm - /// and wrapping operation mode. It wraps the provided `input` plaintext and writes the - /// ciphertext to `output`. - /// - /// If `WrappingMode::Unpadded` is the configured mode, then `input.len()` must be a multiple of 8 and non-zero. - /// - /// # Sizing `output` - /// `output` must be sized appropriately depending on the configured [`WrappingMode`]. - /// * [`WrappingMode::Padded`]: `output.len() >= (input.len() + 15)` - /// * [`WrappingMode::Unpadded`]: `output.len() >= (input.len() + 8)` - /// - /// # Errors - /// * [`Unspecified`]: An error occurred either due to `output` being insufficiently sized, `input` exceeding - /// the allowed input size, or for other unspecified reasons. - pub fn wrap<'output>( - self, - input: &[u8], - output: &'output mut [u8], - ) -> Result<&'output mut [u8], Unspecified> { - self.mode.wrap(&self.key, input, output) + Ok(&mut output[..out_len]) + } } - /// Peforms the key wrap decryption algorithm using `KeyEncryptionKey`'s configured cipher algorithm - /// and wrapping operation mode. It unwraps the provided `input` ciphertext and writes the - /// plaintext to `output`. - /// - /// If `WrappingMode::Unpadded` is the configured mode, then `input.len()` must be a multiple of 8. - /// - /// # Sizing `output` - /// `output` must be sized appropriately depending on the configured [`WrappingMode`]. - /// * [`WrappingMode::Padded`]: `output.len() >= input.len()` - /// * [`WrappingMode::Unpadded`]: `output.len() >= (input.len() - 8)` - /// - /// # Errors - /// * [`Unspecified`]: An error occurred either due to `output` being insufficiently sized, `input` exceeding - /// the allowed input size, or for other unspecified reasons. - pub fn unwrap<'output>( - self, - input: &[u8], - output: &'output mut [u8], - ) -> Result<&'output mut [u8], Unspecified> { - self.mode.unwrap(&self.key, input, output) - } + impl KeyWrapPadded for KeyEncryptionKey { + /// Peforms the key wrap padding encryption algorithm using `KeyEncryptionKey`'s configured block cipher. + /// It wraps and pads `plaintext` writes the corresponding ciphertext to `output`. + /// + /// # Validation + /// * `output.len() >= (input.len() + 15)` + /// + /// # Errors + /// * [`Unspecified`]: An error occurred either due to `output` being insufficiently sized, `input` exceeding + /// the allowed input size, or for other unspecified reasons. + fn wrap_with_padding<'output>( + self, + plaintext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified> { + let mut aes_key = MaybeUninit::::uninit(); + + let key_bits: u32 = (self.key.len() * 8).try_into().map_err(|_| Unspecified)?; + + if 0 != unsafe { + AES_set_encrypt_key(self.key.as_ptr(), key_bits, aes_key.as_mut_ptr()) + } { + return Err(Unspecified); + } - /// Returns the configured `Algorithm`. - #[must_use] - pub fn algorithm(&self) -> &'static Algorithm { - self.algorithm - } + let aes_key = unsafe { aes_key.assume_init() }; + + let mut out_len: usize = 0; + + // AWS-LC validates the following: + // * in_len != 0 + // * in_len <= INT_MAX + // * max_out >= required_padding + 8 + if 1 != indicator_check!(unsafe { + AES_wrap_key_padded( + &aes_key, + output.as_mut_ptr(), + &mut out_len, + output.len(), + plaintext.as_ptr(), + plaintext.len(), + ) + }) { + return Err(Unspecified); + } - /// Returns the configured `WrappingMode`. - #[must_use] - pub fn wrapping_mode(&self) -> WrappingMode { - self.mode + Ok(&mut output[..out_len]) + } + + /// Peforms the key wrap padding decryption algorithm using `KeyEncryptionKey`'s configured block cipher. + /// It unwraps the padded `ciphertext` and writes the corresponding plaintext to `output`. + /// + /// # Sizing `output` + /// `output.len() >= input.len()`. + /// + /// # Errors + /// * [`Unspecified`]: An error occurred either due to `output` being insufficiently sized, `input` exceeding + /// the allowed input size, or for other unspecified reasons. + fn unwrap_with_padding<'output>( + self, + ciphertext: &[u8], + output: &'output mut [u8], + ) -> Result<&'output mut [u8], Unspecified> { + let mut aes_key = MaybeUninit::::uninit(); + + if 0 != unsafe { + AES_set_decrypt_key( + self.key.as_ptr(), + (self.key.len() * 8).try_into().map_err(|_| Unspecified)?, + aes_key.as_mut_ptr(), + ) + } { + return Err(Unspecified); + } + + let aes_key = unsafe { aes_key.assume_init() }; + + let mut out_len: usize = 0; + + // AWS-LC validates the following: + // * in_len >= AES_BLOCK_SIZE + // * max_out >= in_len - 8 + if 1 != indicator_check!(unsafe { + AES_unwrap_key_padded( + &aes_key, + output.as_mut_ptr(), + &mut out_len, + output.len(), + ciphertext.as_ptr(), + ciphertext.len(), + ) + }) { + return Err(Unspecified); + }; + + Ok(&mut output[..out_len]) + } } -} -#[allow(clippy::missing_fields_in_debug)] -impl Debug for KeyEncryptionKey { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - f.debug_struct("KeyEncryptionKey") - .field("algorithm", &self.algorithm) - .field("mode", &self.mode) - .finish() + impl Debug for KeyEncryptionKey { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> std::fmt::Result { + f.debug_struct("KeyEncryptionKey") + .field("cipher", &self.cipher) + .finish_non_exhaustive() + } } } diff --git a/aws-lc-rs/src/key_wrap/tests.rs b/aws-lc-rs/src/key_wrap/tests.rs index 948d08af0ea..6602299b83e 100644 --- a/aws-lc-rs/src/key_wrap/tests.rs +++ b/aws-lc-rs/src/key_wrap/tests.rs @@ -6,45 +6,45 @@ #[cfg(feature = "fips")] mod fips; -use super::{Algorithm, AlgorithmId, KeyEncryptionKey, WrappingMode, AES_128, AES_256}; +use crate::key_wrap::nist_sp_800_38f::AesKek; -macro_rules! algorithm_test { +use super::{BlockCipher, BlockCipherId, KeyWrap, KeyWrapPadded, AES_128, AES_256}; + +macro_rules! block_cipher_test { ($name:ident, $alg:expr, $id:expr, $key_len:literal) => { #[test] fn $name() { - let x: &'static Algorithm = $alg; + let x: &dyn BlockCipher = $alg; assert_eq!($id, x.id()); assert_eq!($alg.key_len(), $key_len); } }; } -algorithm_test!(aes_128_algorithm, &AES_128, AlgorithmId::Aes128, 16); -algorithm_test!(aes_256_algorithm, &AES_256, AlgorithmId::Aes256, 32); +block_cipher_test!(aes_128_cipher, &AES_128, BlockCipherId::Aes128, 16); +block_cipher_test!(aes_256_cipher, &AES_256, BlockCipherId::Aes256, 32); #[test] fn key_encryption_key_debug_impl() { - let kek = - KeyEncryptionKey::new(&AES_128, &[42u8; 16], WrappingMode::Padded).expect("key created"); + let kek = AesKek::new(&AES_128, &[42u8; 16]).expect("key created"); assert_eq!( - "KeyEncryptionKey { algorithm: Aes128, mode: Padded }", + "KeyEncryptionKey { cipher: Aes128, .. }", format!("{kek:?}") ); } -macro_rules! key_wrap_test { - ($name:ident, $alg:expr, $mode:expr, $key:expr, $plaintext:expr, $expect:expr) => { +macro_rules! nist_aes_key_wrap_test { + ($name:ident, $alg:expr, $key:expr, $plaintext:expr, $expect:expr) => { #[test] fn $name() { const K: &[u8] = $key; const P: &[u8] = $plaintext; const C: &[u8] = $expect; - let kek = KeyEncryptionKey::new($alg, K, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, K).expect("key creation successful"); - assert_eq!($alg.id(), kek.algorithm().id()); - assert_eq!($mode, kek.wrapping_mode()); + assert_eq!($alg.id(), kek.block_cipher_id()); let mut output = vec![0u8; C.len()]; @@ -52,7 +52,7 @@ macro_rules! key_wrap_test { assert_eq!(wrapped, C); - let kek = KeyEncryptionKey::new($alg, K, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, K).expect("key creation successful"); let mut output = vec![ 0u8; @@ -70,28 +70,69 @@ macro_rules! key_wrap_test { }; } -macro_rules! key_unwrap_test { - ($name:ident, $alg:expr, $mode:expr, $key:expr, $ciphertext:expr) => { +macro_rules! nist_aes_key_wrap_with_padding_test { + ($name:ident, $alg:expr, $key:expr, $plaintext:expr, $expect:expr) => { + #[test] + fn $name() { + const K: &[u8] = $key; + const P: &[u8] = $plaintext; + const C: &[u8] = $expect; + + let kek = AesKek::new($alg, K).expect("key creation successful"); + + assert_eq!($alg.id(), kek.block_cipher_id()); + + let mut output = vec![0u8; C.len()]; + + let wrapped = Vec::from( + kek.wrap_with_padding(P, &mut output) + .expect("wrap successful"), + ); + + assert_eq!(wrapped, C); + + let kek = AesKek::new($alg, K).expect("key creation successful"); + + let mut output = vec![ + 0u8; + if P.len() % 8 != 0 { + P.len() + (8 - (P.len() % 8)) + } else { + P.len() + } + ]; + + let unwrapped = kek + .unwrap_with_padding(&wrapped, &mut output) + .expect("wrap successful"); + + assert_eq!(unwrapped, P); + } + }; +} + +macro_rules! nist_aes_key_unwrap_test { + ($name:ident, $alg:expr, $key:expr, $ciphertext:expr) => { #[test] fn $name() { const K: &[u8] = $key; const C: &[u8] = $ciphertext; - let kek = KeyEncryptionKey::new($alg, K, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, K).expect("key creation successful"); let mut output = vec![0u8; C.len()]; kek.unwrap(C, &mut output).expect_err("unwrap to fail"); } }; - ($name:ident, $alg:expr, $mode:expr, $key:expr, $ciphertext:expr, $expect:expr) => { + ($name:ident, $alg:expr, $key:expr, $ciphertext:expr, $expect:expr) => { #[test] fn $name() { const K: &[u8] = $key; const C: &[u8] = $ciphertext; const P: &[u8] = $expect; - let kek = KeyEncryptionKey::new($alg, K, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, K).expect("key creation successful"); let mut output = vec![ 0u8; @@ -106,7 +147,7 @@ macro_rules! key_unwrap_test { assert_eq!(unwrapped, P); - let kek = KeyEncryptionKey::new($alg, K, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, K).expect("key creation successful"); let mut output = vec![0u8; C.len()]; @@ -117,10 +158,62 @@ macro_rules! key_unwrap_test { }; } -key_wrap_test!( +macro_rules! nist_aes_key_unwrap_with_padding_test { + ($name:ident, $alg:expr, $key:expr, $ciphertext:expr) => { + #[test] + fn $name() { + const K: &[u8] = $key; + const C: &[u8] = $ciphertext; + + let kek = AesKek::new($alg, K).expect("key creation successful"); + + let mut output = vec![0u8; C.len()]; + + kek.unwrap_with_padding(C, &mut output) + .expect_err("unwrap to fail"); + } + }; + ($name:ident, $alg:expr, $key:expr, $ciphertext:expr, $expect:expr) => { + #[test] + fn $name() { + const K: &[u8] = $key; + const C: &[u8] = $ciphertext; + const P: &[u8] = $expect; + + let kek = AesKek::new($alg, K).expect("key creation successful"); + + let mut output = vec![ + 0u8; + if P.len() % 8 != 0 { + P.len() + (8 - (P.len() % 8)) + } else { + P.len() + } + ]; + + let unwrapped = Vec::from( + kek.unwrap_with_padding(C, &mut output) + .expect("unwrap successful"), + ); + + assert_eq!(unwrapped, P); + + let kek = AesKek::new($alg, K).expect("key creation successful"); + + let mut output = vec![0u8; C.len()]; + + let wrapped = kek + .wrap_with_padding(&unwrapped, &mut output) + .expect("wrap successful"); + + assert_eq!(wrapped, C); + } + }; +} + +nist_aes_key_wrap_with_padding_test!( kwp_ae_aes128_8bit_len, &AES_128, - WrappingMode::Padded, &[ 0x6d, 0xec, 0xf1, 0x0a, 0x1c, 0xaf, 0x8e, 0x3b, 0x80, 0xc7, 0xa4, 0xbe, 0x8c, 0x9c, 0x84, 0xe8, @@ -132,10 +225,9 @@ key_wrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_with_padding_test!( kwp_ae_aes128_248bit_len, &AES_128, - WrappingMode::Padded, &[ 0xbe, 0x96, 0xdc, 0x19, 0x5e, 0xc0, 0x34, 0xd6, 0x16, 0x48, 0x6e, 0xd7, 0x0e, 0x97, 0xfe, 0x83 @@ -152,10 +244,9 @@ key_wrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes128_8bit_len, &AES_128, - WrappingMode::Padded, &[ 0x49, 0x31, 0x9c, 0x33, 0x12, 0x31, 0xcd, 0x6b, 0xf7, 0x4c, 0x2f, 0x70, 0xb0, 0x7f, 0xcc, 0x5c @@ -167,10 +258,9 @@ key_unwrap_test!( &[0xe4] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes128_8bit_len_fail, &AES_128, - WrappingMode::Padded, &[ 0x7a, 0x3f, 0x4d, 0x97, 0x05, 0x01, 0xbf, 0x86, 0x14, 0x7e, 0x91, 0x5f, 0xe1, 0xb9, 0x03, 0x18 @@ -181,10 +271,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes128_248bit_len, &AES_128, - WrappingMode::Padded, &[ 0x28, 0x90, 0x23, 0x37, 0x90, 0x78, 0xb8, 0x21, 0xfc, 0x24, 0xf7, 0x18, 0xbd, 0xc9, 0x43, 0x31 @@ -201,10 +290,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes128_248bit_len_fail, &AES_128, - WrappingMode::Padded, &[ 0x69, 0x29, 0x11, 0x7e, 0x6c, 0xb1, 0x8e, 0xa4, 0xa2, 0x98, 0x58, 0x86, 0xf0, 0x8c, 0x0a, 0xe1 @@ -216,10 +304,9 @@ key_unwrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_test!( kw_ae_aes128_128bit_len, &AES_128, - WrappingMode::Unpadded, &[ 0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2, 0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6 @@ -234,10 +321,9 @@ key_wrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_test!( kw_ae_aes128_256bit_len, &AES_128, - WrappingMode::Unpadded, &[ 0xe5, 0xd0, 0x58, 0xe7, 0xf1, 0xc2, 0x2c, 0x01, 0x6c, 0x4e, 0x1c, 0xc9, 0xb2, 0x6b, 0x9f, 0x8f @@ -254,10 +340,9 @@ key_wrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes128_128bit_len, &AES_128, - WrappingMode::Unpadded, &[ 0x1c, 0xbd, 0x2f, 0x79, 0x07, 0x8b, 0x95, 0x00, 0xfa, 0xe2, 0x36, 0x96, 0x31, 0x19, 0x53, 0xeb @@ -272,10 +357,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes128_128bit_len_fail, &AES_128, - WrappingMode::Unpadded, &[ 0x5e, 0xa3, 0x0c, 0x21, 0xdb, 0x36, 0xc0, 0x57, 0x72, 0x94, 0xcc, 0x70, 0xd3, 0xb8, 0x69, 0x70 @@ -286,10 +370,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes128_256bit_len, &AES_128, - WrappingMode::Unpadded, &[ 0x83, 0xda, 0x6e, 0x02, 0x40, 0x4d, 0x5a, 0xbf, 0xd4, 0x7d, 0x15, 0xda, 0x59, 0x18, 0x40, 0xe2 @@ -306,10 +389,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes128_256bit_len_fail, &AES_128, - WrappingMode::Unpadded, &[ 0x84, 0xbc, 0x6c, 0xe7, 0xee, 0x4f, 0xd9, 0xdb, 0x51, 0x25, 0x36, 0x66, 0x9d, 0x06, 0x86, 0xda @@ -321,10 +403,9 @@ key_unwrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_with_padding_test!( kwp_ae_aes256_8bit_len, &AES_256, - WrappingMode::Padded, &[ 0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5, 0x25, 0x54, 0xee, 0x2a, 0x8d, 0xf1, 0x38, 0x6f, 0x5b, 0x94, 0xa1, 0xa6, 0x0e, 0xd8, 0xa4, 0xae, 0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, @@ -337,10 +418,9 @@ key_wrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_with_padding_test!( kwp_ae_aes256_248bit_len, &AES_256, - WrappingMode::Padded, &[ 0xe9, 0xbb, 0x7f, 0x44, 0xc7, 0xba, 0xaf, 0xbf, 0x39, 0x2a, 0xb9, 0x12, 0x58, 0x9a, 0x2f, 0x8d, 0xb5, 0x32, 0x68, 0x10, 0x6e, 0xaf, 0xb7, 0x46, 0x89, 0xbb, 0x18, 0x33, 0x13, 0x6e, @@ -358,10 +438,9 @@ key_wrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes256_8bit_len, &AES_256, - WrappingMode::Padded, &[ 0x20, 0xe4, 0xff, 0x6a, 0x88, 0xff, 0xa9, 0xa2, 0x81, 0x8b, 0x81, 0x70, 0x27, 0x93, 0xd8, 0xa0, 0x16, 0x72, 0x2c, 0x2f, 0xa1, 0xff, 0x44, 0x5f, 0x24, 0xb9, 0xdb, 0x29, 0x3c, 0xb1, @@ -374,10 +453,9 @@ key_unwrap_test!( &[0xd2] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes256_8bit_len_fail, &AES_256, - WrappingMode::Padded, &[ 0xc3, 0x2c, 0xb3, 0xe1, 0xe4, 0x1a, 0x4b, 0x9f, 0x4d, 0xe7, 0x99, 0x89, 0x95, 0x78, 0x66, 0xf5, 0xdd, 0x48, 0xdb, 0xa3, 0x8c, 0x22, 0xa6, 0xeb, 0xb8, 0x0e, 0x14, 0xc8, 0x4b, 0xdd, @@ -389,10 +467,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes256_248bit_len, &AES_256, - WrappingMode::Padded, &[ 0x09, 0xab, 0x42, 0x86, 0xa8, 0x45, 0xc1, 0x8b, 0xb4, 0x81, 0xda, 0x91, 0xc3, 0x9a, 0x58, 0xfd, 0x52, 0xed, 0x78, 0xd5, 0x49, 0x73, 0xfc, 0x41, 0xf2, 0x51, 0x63, 0xa0, 0xc3, 0x3f, @@ -410,10 +487,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_with_padding_test!( kwp_ad_aes256_248bit_len_fail, &AES_256, - WrappingMode::Padded, &[ 0x8c, 0x35, 0xfb, 0x77, 0x76, 0x6d, 0x04, 0xf4, 0x8d, 0x5b, 0x52, 0x27, 0x5c, 0x5c, 0x5f, 0x31, 0xf5, 0x68, 0x07, 0x84, 0x19, 0xe5, 0xc2, 0x33, 0x59, 0x18, 0x96, 0x5f, 0xbe, 0x53, @@ -426,10 +502,9 @@ key_unwrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_test!( kw_ae_aes256_128bit_len, &AES_256, - WrappingMode::Unpadded, &[ 0xf5, 0x97, 0x82, 0xf1, 0xdc, 0xeb, 0x05, 0x44, 0xa8, 0xda, 0x06, 0xb3, 0x49, 0x69, 0xb9, 0x21, 0x2b, 0x55, 0xce, 0x6d, 0xcb, 0xdd, 0x09, 0x75, 0xa3, 0x3f, 0x4b, 0x3f, 0x88, 0xb5, @@ -445,10 +520,9 @@ key_wrap_test!( ] ); -key_wrap_test!( +nist_aes_key_wrap_test!( kw_ae_aes256_256bit_len, &AES_256, - WrappingMode::Unpadded, &[ 0x8b, 0x54, 0xe6, 0xbc, 0x3d, 0x20, 0xe8, 0x23, 0xd9, 0x63, 0x43, 0xdc, 0x77, 0x6c, 0x0d, 0xb1, 0x0c, 0x51, 0x70, 0x8c, 0xee, 0xcc, 0x9a, 0x38, 0xa1, 0x4b, 0xeb, 0x4c, 0xa5, 0xb8, @@ -466,10 +540,9 @@ key_wrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes256_128bit_len, &AES_256, - WrappingMode::Unpadded, &[ 0x80, 0xaa, 0x99, 0x73, 0x27, 0xa4, 0x80, 0x6b, 0x6a, 0x7a, 0x41, 0xa5, 0x2b, 0x86, 0xc3, 0x71, 0x03, 0x86, 0xf9, 0x32, 0x78, 0x6e, 0xf7, 0x96, 0x76, 0xfa, 0xfb, 0x90, 0xb8, 0x26, @@ -485,10 +558,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes256_128bit_len_fail, &AES_256, - WrappingMode::Unpadded, &[ 0x08, 0xc9, 0x36, 0xb2, 0x5b, 0x56, 0x7a, 0x0a, 0xa6, 0x79, 0xc2, 0x9f, 0x20, 0x1b, 0xf8, 0xb1, 0x90, 0x32, 0x7d, 0xf0, 0xc2, 0x56, 0x3e, 0x39, 0xce, 0xe0, 0x61, 0xf1, 0x49, 0xf4, @@ -500,10 +572,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes256_256bit_len, &AES_256, - WrappingMode::Unpadded, &[ 0x04, 0x9c, 0x7b, 0xcb, 0xa0, 0x3e, 0x04, 0x39, 0x5c, 0x2a, 0x22, 0xe6, 0xa9, 0x21, 0x5c, 0xda, 0xe0, 0xf7, 0x62, 0xb0, 0x77, 0xb1, 0x24, 0x4b, 0x44, 0x31, 0x47, 0xf5, 0x69, 0x57, @@ -521,10 +592,9 @@ key_unwrap_test!( ] ); -key_unwrap_test!( +nist_aes_key_unwrap_test!( kw_ad_aes256_256bit_len_fail, &AES_256, - WrappingMode::Unpadded, &[ 0x3c, 0x7c, 0x55, 0x9f, 0xb9, 0x9d, 0x2e, 0x3f, 0x82, 0x80, 0xc9, 0xbe, 0x14, 0xb0, 0xf7, 0xb6, 0x76, 0xa3, 0x20, 0x53, 0xeb, 0xa8, 0xf7, 0xaf, 0xbb, 0x43, 0x04, 0xc1, 0x17, 0xa6, @@ -538,11 +608,10 @@ key_unwrap_test!( ); macro_rules! wrap_input_output_invalid_test { - ($name:ident, $mode:expr, $input_len:expr, $output_len:expr) => { + ($name:ident, $input_len:expr, $output_len:expr) => { #[test] fn $name() { - let kek = KeyEncryptionKey::new(&AES_128, &[16u8; 16], $mode) - .expect("key creation successful"); + let kek = AesKek::new(&AES_128, &[16u8; 16]).expect("key creation successful"); let input_len: usize = $input_len.try_into().unwrap(); let output_len: usize = $output_len.try_into().unwrap(); @@ -557,28 +626,22 @@ macro_rules! wrap_input_output_invalid_test { } // Input length < 16 -wrap_input_output_invalid_test!(wrap_input_len_less_than_min, WrappingMode::Unpadded, 15, 23); +wrap_input_output_invalid_test!(wrap_input_len_less_than_min, 15, 23); // Input length % 8 != 0 -wrap_input_output_invalid_test!( - wrap_input_len_not_multiple_of_eight, - WrappingMode::Unpadded, - 17, - 25 -); +wrap_input_output_invalid_test!(wrap_input_len_not_multiple_of_eight, 17, 25); // Output length < Input length - 8 -wrap_input_output_invalid_test!(wrap_output_len_too_small, WrappingMode::Unpadded, 16, 8); +wrap_input_output_invalid_test!(wrap_output_len_too_small, 16, 8); // Input Length == 0 -wrap_input_output_invalid_test!(wrap_padded_input_len_zero, WrappingMode::Padded, 0, 8); +wrap_input_output_invalid_test!(wrap_padded_input_len_zero, 0, 8); macro_rules! unwrap_input_output_invalid_test { - ($name:ident, $mode:expr, $input_len:expr, $output_len:expr) => { + ($name:ident, $input_len:expr, $output_len:expr) => { #[test] fn $name() { - let kek = KeyEncryptionKey::new(&AES_128, &[16u8; 16], $mode) - .expect("key creation successful"); + let kek = AesKek::new(&AES_128, &[16u8; 16]).expect("key creation successful"); let input_len: usize = $input_len.try_into().unwrap(); let output_len: usize = $output_len.try_into().unwrap(); @@ -592,37 +655,35 @@ macro_rules! unwrap_input_output_invalid_test { }; } +macro_rules! unwrap_with_padding_input_output_invalid_test { + ($name:ident, $input_len:expr, $output_len:expr) => { + #[test] + fn $name() { + let kek = AesKek::new(&AES_128, &[16u8; 16]).expect("key creation successful"); + + let input_len: usize = $input_len.try_into().unwrap(); + let output_len: usize = $output_len.try_into().unwrap(); + + let input = vec![42u8; input_len]; + let mut output = vec![0u8; output_len]; + + kek.unwrap_with_padding(input.as_slice(), output.as_mut_slice()) + .expect_err("failure"); + } + }; +} + // Input length < 24 -unwrap_input_output_invalid_test!( - unwrap_input_len_smaller_than_min, - WrappingMode::Unpadded, - 16, - 16 -); +unwrap_input_output_invalid_test!(unwrap_input_len_smaller_than_min, 16, 16); // Input length % 8 != 0 -unwrap_input_output_invalid_test!( - unwrap_input_len_not_multiple_of_eight, - WrappingMode::Unpadded, - 31, - 31 -); +unwrap_input_output_invalid_test!(unwrap_input_len_not_multiple_of_eight, 31, 31); // Output length < Input length - 8 -unwrap_input_output_invalid_test!(unwrap_output_len_too_small, WrappingMode::Unpadded, 24, 15); +unwrap_input_output_invalid_test!(unwrap_output_len_too_small, 24, 15); // Input length < 16 (AES Block Length) -unwrap_input_output_invalid_test!( - unwrap_padded_input_len_smaller_than_min, - WrappingMode::Padded, - 15, - 15 -); +unwrap_with_padding_input_output_invalid_test!(unwrap_padded_input_len_smaller_than_min, 15, 15); // Output length < Input length - 8 -unwrap_input_output_invalid_test!( - unwrap_padded_output_len_too_small, - WrappingMode::Padded, - 24, - 15 -); +unwrap_with_padding_input_output_invalid_test!(unwrap_padded_output_len_too_small, 24, 15); diff --git a/aws-lc-rs/src/key_wrap/tests/fips.rs b/aws-lc-rs/src/key_wrap/tests/fips.rs index ce54ed9214d..27866e5b2ba 100644 --- a/aws-lc-rs/src/key_wrap/tests/fips.rs +++ b/aws-lc-rs/src/key_wrap/tests/fips.rs @@ -2,7 +2,7 @@ use crate::{ fips::{assert_fips_status_indicator, FipsServiceStatus}, - key_wrap::{KeyEncryptionKey, WrappingMode, AES_128, AES_256}, + key_wrap::{nist_sp_800_38f::AesKek, KeyWrap, KeyWrapPadded, AES_128, AES_256}, }; const K_128: &[u8] = &[ @@ -18,14 +18,14 @@ const P: &[u8] = &[ 0xf2, 0x64, 0x5b, 0xa4, 0xba, 0xed, 0xa7, 0xec, 0xbc, 0x12, 0xa6, 0xad, 0x46, 0x76, 0x95, 0xa0, ]; -macro_rules! key_wrap_test { - ($name:ident, $alg:expr, $mode:expr, $key:expr, $plaintext:expr) => { +macro_rules! nist_aes_key_wrap_test { + ($name:ident, $alg:expr, $key:expr, $plaintext:expr) => { #[test] fn $name() { let k = $key; let p = $plaintext; - let kek = KeyEncryptionKey::new($alg, k, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, k).expect("key creation successful"); let mut output = vec![0u8; p.len() + 15]; @@ -34,7 +34,7 @@ macro_rules! key_wrap_test { FipsServiceStatus::Approved )); - let kek = KeyEncryptionKey::new($alg, k, $mode).expect("key creation successful"); + let kek = AesKek::new($alg, k).expect("key creation successful"); let mut output = vec![ 0u8; @@ -53,7 +53,44 @@ macro_rules! key_wrap_test { }; } -key_wrap_test!(kwp_aes128, &AES_128, WrappingMode::Padded, K_128, P); -key_wrap_test!(kw_aes128, &AES_128, WrappingMode::Unpadded, K_128, P); -key_wrap_test!(kwp_aes256, &AES_256, WrappingMode::Padded, K_256, P); -key_wrap_test!(kw_aes256, &AES_256, WrappingMode::Unpadded, K_256, P); +macro_rules! nist_aes_key_wrap_with_padding_test { + ($name:ident, $alg:expr, $key:expr, $plaintext:expr) => { + #[test] + fn $name() { + let k = $key; + let p = $plaintext; + + let kek = AesKek::new($alg, k).expect("key creation successful"); + + let mut output = vec![0u8; p.len() + 15]; + + let wrapped = Vec::from(assert_fips_status_indicator!( + kek.wrap_with_padding(P, &mut output) + .expect("wrap successful"), + FipsServiceStatus::Approved + )); + + let kek = AesKek::new($alg, k).expect("key creation successful"); + + let mut output = vec![ + 0u8; + if p.len() % 8 != 0 { + p.len() + (8 - (p.len() % 8)) + } else { + p.len() + } + ]; + + let _unwrapped = assert_fips_status_indicator!( + kek.unwrap_with_padding(&wrapped, &mut output) + .expect("wrap successful"), + FipsServiceStatus::Approved + ); + } + }; +} + +nist_aes_key_wrap_with_padding_test!(kwp_aes128, &AES_128, K_128, P); +nist_aes_key_wrap_test!(kw_aes128, &AES_128, K_128, P); +nist_aes_key_wrap_with_padding_test!(kwp_aes256, &AES_256, K_256, P); +nist_aes_key_wrap_test!(kw_aes256, &AES_256, K_256, P);