In attempting to write code to run some CAVP tests for key wrapping, I was pleased to find the new AES key wrapping APIs added recently to EVP; however, it appears that the included support in “e_aes.c” is hardcoded to use the AES encryption function for key wrapping and the AES decryption function for key unwrapping. NIST SP 800-38F specifies that the cipher function can be chosen independently of whether one is wrapping or unwrapping keys; that is, one might choose the AES decryption function as the cipher function for wrapping a key (in which case, the AES encryption function would be used to unwrap the wrapped key).
It seems that the underlying CRYPTO_ APIs for key wrapping in “wrap128.c" would work fine with any choice of block processing function, so it’s really a matter of being able to indicate in the higher-level EVP APIs the “direction” of the cipher function relative to wrapping and unwrapping. Is there any chance of an API change before the 1.0.2 release to add this functionality at the EVP level? (I can try to write the patch myself, but I suspect it will be much faster if somebody who actually has a firm grasp of the APIs does so; I’m still feeling my way around them) -Dan Zimmerman — Daniel M. Zimmerman <[email protected]> Research and Engineering, Galois, Inc.
signature.asc
Description: PGP signature
