AES_unwrap_key returns 0

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

AES_unwrap_key returns 0

InMotion Man
Hello all,
I'm having trouble using the AES_unwrap_key function. I have tried different things but it always returns 0 and the out buffer does not get written to. 

I can wrap a key with the AES_wrap_key. Then I pass the wrapped key output to AES_unwrap_key and it is not able to unwrap it. This is regardless if I use the default IV (passing NULL to the function) or pass an explicit IV.See sample code below. 

Has anybody seen this issue? Any help will be appreciated.
I'm using OpenSSL 1.1.0.f

#include <aes.h>

int
main(int argc, char **argv)
{
    int i;
    int ret;
    unsigned char wrappedKeyData[24];
    unsigned char KEK[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
    unsigned char keyData[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
    unsigned char IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
  
    AES_KEY wrp_key;
    AES_set_encrypt_key(KEK, 128, &wrp_key);

    /* wrapping  */
    ret = AES_wrap_key(&wrp_key, NULL, wrappedKeyData, keyData, 16);
    printf("openssl wrapping returns %i\n", ret);
    printf("wrapped keyData: ");
    for (i = 0; i < ret; i++) {
        printf ("%02x", wrappedKeyData[i]);
    }
    printf("\n");

    /* unwrapping */
    unsigned char keyDataOut[16];
    ret = AES_unwrap_key(&wrp_key, NULL, keyDataOut, wrappedKeyData, 24);
    printf("unwrapping openssl returns %i\n", ret);
    printf("unwrapped keyData: ");
    for (i = 0; i < 16; i++) {
        printf ("%02x", keyDataOut[i]) ;
    }
    printf("\n");

    return EXIT_SUCCESS;
}

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: AES_unwrap_key returns 0

Dave Coombs
Hello,

This is just a guess, but try AES_set_decrypt_key() before trying to unwrap?

  -Dave


On Jan 4, 2018, at 13:08, InMotion Man <[hidden email]> wrote:

Hello all,
I'm having trouble using the AES_unwrap_key function. I have tried different things but it always returns 0 and the out buffer does not get written to. 

I can wrap a key with the AES_wrap_key. Then I pass the wrapped key output to AES_unwrap_key and it is not able to unwrap it. This is regardless if I use the default IV (passing NULL to the function) or pass an explicit IV.See sample code below. 

Has anybody seen this issue? Any help will be appreciated.
I'm using OpenSSL 1.1.0.f

#include <aes.h>

int
main(int argc, char **argv)
{
    int i;
    int ret;
    unsigned char wrappedKeyData[24];
    unsigned char KEK[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
    unsigned char keyData[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
    unsigned char IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
  
    AES_KEY wrp_key;
    AES_set_encrypt_key(KEK, 128, &wrp_key);

    /* wrapping  */
    ret = AES_wrap_key(&wrp_key, NULL, wrappedKeyData, keyData, 16);
    printf("openssl wrapping returns %i\n", ret);
    printf("wrapped keyData: ");
    for (i = 0; i < ret; i++) {
        printf ("%02x", wrappedKeyData[i]);
    }
    printf("\n");

    /* unwrapping */
    unsigned char keyDataOut[16];
    ret = AES_unwrap_key(&wrp_key, NULL, keyDataOut, wrappedKeyData, 24);
    printf("unwrapping openssl returns %i\n", ret);
    printf("unwrapped keyData: ");
    for (i = 0; i < 16; i++) {
        printf ("%02x", keyDataOut[i]) ;
    }
    printf("\n");

    return EXIT_SUCCESS;
}
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: AES_unwrap_key returns 0

InMotion Man
Hello Dave,
Your guess exactly right. This is my first time using the OpenSSL
library and I didn't know there was a different function to create
encryption and decryption AES_KEY.
Thank you for the help and sorry for the newbie question.
Cheers,
IMM.

On Fri, Jan 5, 2018 at 5:44 AM, Dave Coombs <[hidden email]> wrote:

> Hello,
>
> This is just a guess, but try AES_set_decrypt_key() before trying to unwrap?
>
>   -Dave
>
>
> On Jan 4, 2018, at 13:08, InMotion Man <[hidden email]> wrote:
>
> Hello all,
> I'm having trouble using the AES_unwrap_key function. I have tried different
> things but it always returns 0 and the out buffer does not get written to.
>
> I can wrap a key with the AES_wrap_key. Then I pass the wrapped key output
> to AES_unwrap_key and it is not able to unwrap it. This is regardless if I
> use the default IV (passing NULL to the function) or pass an explicit IV.See
> sample code below.
>
> Has anybody seen this issue? Any help will be appreciated.
> I'm using OpenSSL 1.1.0.f
>
> #include <aes.h>
>
> int
> main(int argc, char **argv)
> {
>     int i;
>     int ret;
>     unsigned char wrappedKeyData[24];
>     unsigned char KEK[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
>     unsigned char keyData[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
> 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
>     unsigned char IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
>
>     AES_KEY wrp_key;
>     AES_set_encrypt_key(KEK, 128, &wrp_key);
>
>     /* wrapping  */
>     ret = AES_wrap_key(&wrp_key, NULL, wrappedKeyData, keyData, 16);
>     printf("openssl wrapping returns %i\n", ret);
>     printf("wrapped keyData: ");
>     for (i = 0; i < ret; i++) {
>         printf ("%02x", wrappedKeyData[i]);
>     }
>     printf("\n");
>
>     /* unwrapping */
>     unsigned char keyDataOut[16];
>     ret = AES_unwrap_key(&wrp_key, NULL, keyDataOut, wrappedKeyData, 24);
>     printf("unwrapping openssl returns %i\n", ret);
>     printf("unwrapped keyData: ");
>     for (i = 0; i < 16; i++) {
>         printf ("%02x", keyDataOut[i]) ;
>     }
>     printf("\n");
>
>     return EXIT_SUCCESS;
> }
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users