AES Full-XTS key APIs - zpc/aes_xts_key.h
In file zpc/aes_xts_key.h, libzpc provides APIs to generate and manage advanced encryption standard (AES) block cipher keys to be used in a full-XTS context in the available full-XTS cryptographic functions.
The standard AES-XTS cipher mode (XEX-based tweaked-codebook mode with ciphertext stealing) is a block cipher mode designed for data-at-rest encryption on storage devices, using two separate keys, one to encrypt and one to tweak each data block based on its position and sector number. Both keys together build the XTS key. In Full-XTS, you only need one key, which, however, contains both key parts within one full-XTS key blob, which fulfills both purposes (encrypt and tweak).
The AES full-XTS keys are only available since IBM® z17 ™. Applications which need to perform AES-XTS operations on earlier machines must use the AES-XTS APIs with two separate AES keys (see AES XTS APIs - zpc/aes_xts.h).
Data structures
The AES full-XTS key structure is opaque for the application:
struct zpc_aes_xts_key;
Supported key types
The zpc/aes_xts_key.h file defines the following constants for the supported key types:
typedef enum {
ZPC_XTS_SECRET_TYPE_NOT_SET = -2,
ZPC_XTS_SECRET_TYPE_INVALID = -1,
ZPC_XTS_SECRET_AES_XTS_128 = 0x07,
ZPC_XTS_SECRET_AES_XTS_256 = 0x08,
} zpc_xtssecret_type_t;The remainder of this information unit describes the available APIs for managing AES Full-XTS keys.
zpc_aes_xts_key_alloc
Purpose: Allocate a new AES full-XTS key object with reference count 1.
int zpc_aes_xts_key_alloc (
struct zpc_aes_xts_key **key)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS key object. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_set_size
Purpose: Set the size of an AES full-XTS key.
int zpc_aes_xts_key_set_size (
struct zpc_aes_xts_key *key,
int size)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS key object. |
| input | size | Key size in bits. Possible values are 128 or 256. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_set_type
Purpose:
int zpc_aes_xts_key_set_type (
struct zpc_aes_xts_key *key,
int type);
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS key object. |
| input | type | The type of the key. Valid value: ZPC_AES_XTS_KEY_TYPE_PVSECRET. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_import
Purpose: Import an AES-XTS protected key (from origin secure key or retrievable secret).
int zpc_aes_xts_key_import (
struct zpc_aes_xts_key *key,
const unsigned char *origin,
size_t originlen)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS protected key object. |
| input | origin | Pointer to an AES full-XTS protected key (origin: secure key or retrievable secret). Valid value: ZPC_AES_XTS_KEY_TYPE_PVSECRET |
| input | originlen | Length of the AES full-XTS protected key in bytes. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_import_clear
Purpose: Import an AES XTS clear key into an AES full-XTS protected key.
int zpc_aes_xts_key_import_clear (
struct zpc_aes_xts_key *key,
const unsigned char *clrkey)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS protected key object. If the key object has no type set, a full-XTS protected key is created from the given key material. If the type is set to ZPC_AES_XTS_KEY_TYPE_PVSECRET, then the import is not possible. |
| input | clrkey | Pointer to an AES full-XTS protected key object. The application must provide concatenated key material for two single AES keys of the specified size, that is, either 2 x 16 bytes or 2 x 32 bytes. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_export
Purpose: Export an AES-XTS protected key (from origin secure key or retrievable secret).
int zpc_aes_xts_key_export (
struct zpc_aes_xts_key *key,
unsigned char *origin,
size_t *originlen)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS protected key object. |
| input | origin | Pointer to an AES full-XTS protected key (origin: secure key or retrievable secret). |
| input | originlen | Pointer to a field containing the length of the AES full-XTS protected key in bytes. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_generate
Purpose: Generate an AES-XTS key. If the key object has no type set, a full-XTS random protected key is created. If the type is set to ZPC_AES_XTS_KEY_TYPE_PVSECRET, then a key generation is not possible.
int zpc_aes_xts_key_generate (
struct zpc_aes_xts_key *key)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS protected key object. |
Return codes:
0 on success. Otherwise, a non-zero error code is returned.
zpc_aes_xts_key_free
Purpose: Decrease the reference count of an AES full-XTS key object and free it if, the count reaches 0.
void zpc_aes_xts_key_free (
struct zpc_aes_xts_key **key)
Parameters:
| Direction | Name | Description |
|---|---|---|
| input, output | key | Pointer to an AES full-XTS protected key object. |