Wrap Algorithms

certusone · Mar 19, 2021 · fe9ad5f · fe9ad5f
1 parent 8ea63b0
commit fe9ad5f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/commands/constructors.go b/commands/constructors.go
@@ -249,15 +249,28 @@ func CreateGetPseudoRandomCommand(numBytes uint16) *CommandMessage {
 	return command
 }
 
-func CreatePutWrapkeyCommand(objID uint16, label []byte, domains uint16, capabilities, delegated uint64, wrapkey []byte) (*CommandMessage, error) {
+func CreatePutWrapkeyCommand(objID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, delegated uint64, wrapkey []byte) (*CommandMessage, error) {
 	if len(label) > LabelLength {
 		return nil, errors.New("label is too long")
 	}
 	if len(label) < LabelLength {
 		label = append(label, bytes.Repeat([]byte{0x00}, LabelLength-len(label))...)
 	}
-	if keyLen := len(wrapkey); keyLen != 16 && keyLen != 24 && keyLen != 32 {
-		return nil, errors.New("wrapkey is wrong length")
+	switch algorithm {
+	case AlgorithmAES128CCMWrap:
+		if keyLen := len(wrapkey); keyLen != 16 {
+			return nil, errors.New("wrapkey is wrong length")
+		}
+	case AlgorithmAES192CCMWrap:
+		if keyLen := len(wrapkey); keyLen != 24 {
+			return nil, errors.New("wrapkey is wrong length")
+		}
+	case AlgorithmAES256CCMWrap:
+		if keyLen := len(wrapkey); keyLen != 32 {
+			return nil, errors.New("wrapkey is wrong length")
+		}
+	default:
+		return nil, errors.New("invalid algorithm")
 	}
 
 	command := &CommandMessage{
@@ -269,6 +282,7 @@ func CreatePutWrapkeyCommand(objID uint16, label []byte, domains uint16, capabil
 	payload.Write(label)
 	binary.Write(payload, binary.BigEndian, domains)
 	binary.Write(payload, binary.BigEndian, capabilities)
+	binary.Write(payload, binary.BigEndian, algorithm)
 	binary.Write(payload, binary.BigEndian, delegated)
 	payload.Write(wrapkey)
 

diff --git a/commands/types.go b/commands/types.go
@@ -84,6 +84,9 @@ const (
 	AlgorithmSecp256k1               Algorithm = 15
 	AlgorithmYubicoAESAuthentication Algorithm = 38
 	AlgorighmED25519                 Algorithm = 46
+	AlgorithmAES128CCMWrap           Algorithm = 29
+	AlgorithmAES192CCMWrap           Algorithm = 41
+	AlgorithmAES256CCMWrap           Algorithm = 42
 
 	// Capabilities
 	CapabilityGetOpaque             uint64 = 0x0000000000000001