X.X.X NIST AES Keywrap

AES keywrap is a key management algorithm defined in RFC 3394. It is intended for wrapping and unwrapping cryptographic keys. It takes an AES key (128, 192 or 256 bits) and an 8-byte IV; the data to encrypt is n blocks of 8 bytes. The wrap output is n+1 blocks of 8 bytes. The default IV specified by the standard is A6A6A6A6A6A6A6A6.

X.X.X.1 General NIST AES Keywrap interface

Function: void nist_keywrap16 (const void *ctx, nettle_cipher_func *encrypt, const uint8_t *iv, size_t ciphertext_length, uint8_t *ciphertext, const uint8_t *cleartext);

Wraps *cleartext. The AES context *ctx (a struct aes128_ctx, struct aes192_ctx or struct aes256_ctx) must be initialized with the encryption key. The *encrypt function is the aes{128,192,256}_encrypt function corresponding to the AES context size. *iv is the initialization vector, an 8-byte value. *cleartext length must be at least ciphertext_length+8.

Function: int nist_keyunwrap16 (const void *ctx, nettle_cipher_func *decrypt, const uint8_t *iv, size_t cleartext_length, uint8_t *cleartext, const uint8_t *ciphertext);

Unwraps *ciphertext. The AES context *ctx (a struct aes128_ctx, struct aes192_ctx or struct aes256_ctx) must be initialized with the decryption key. The *decrypt function is the aes{128,192,256}_decrypt function corresponding to the AES context size. *iv is the initialization vector, an 8-byte value. *ciphertext length must be cleartext_length-8. Returns 1 on unwrap success, 0 on unwrap error.

X.X.X.2 Specific context NIST AES Keywrap interface

Function: void aes128_keywrap (struct aes128_ctx *ctx, const uint8_t *iv, size_t ciphertext_length, uint8_t *ciphertext, const uint8_t *cleartext);
Function: void aes192_keywrap (struct aes192_ctx *ctx, const uint8_t *iv, size_t ciphertext_length, uint8_t *ciphertext, const uint8_t *cleartext);
Function: void aes256_keywrap (struct aes256_ctx *ctx, const uint8_t *iv, size_t ciphertext_length, uint8_t *ciphertext, const uint8_t *cleartext);

The AES context *ctx must be initialized with the encryption key. *iv is the initialization vector, an 8-byte value. *cleartext length must be at least ciphertext_length+8.

Function: int aes128_keyunwrap (struct aes128_ctx *ctx, const uint8_t *iv, size_t cleartext_length, uint8_t *cleartext, const uint8_t *ciphertext);
Function: int aes192_keyunwrap (struct aes192_ctx *ctx, const uint8_t *iv, size_t cleartext_length, uint8_t *cleartext, const uint8_t *ciphertext);
Function: int aes256_keyunwrap (struct aes256_ctx *ctx, const uint8_t *iv, size_t cleartext_length, uint8_t *cleartext, const uint8_t *ciphertext);

The AES context *ctx must be initialized with the decryption key. *iv is the initialization vector, an 8-byte value. *ciphertext length must be cleartext_length-8. Returns 1 on unwrap success, 0 on unwrap error.