> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn > Sent: Monday, 05 March, 2012 23:35 > To: openssl-users@openssl.org > Subject: Need help on using AES_wrap_key() function
> 1. As i understand AES_wrap_key(), first argument AES_KEY > *key is the key > which needs to be wrapped and *in is the wrapping key. > Correct me if i am > wrong. > > int AES_wrap_key(AES_KEY *key, const unsigned char *iv, > unsigned char *out, > const unsigned char *in, unsigned int inlen) > In any key wrap/unwrap operation, the key used as a key (here key) is the wrapping key (KEK), and the key treated as data (here in for inlen) is the key to be wrapped/unwrapped (DEK). > 2. By looking at the code, i see AES_wrap_key() supports max > of 480 bits [ > unsigned long rd_key[4 *(AES_MAXNR + 1)];] and my project > demands to support > 512 bits of key. How do i do this? > <snip from aes.h> An AES key is only 128, 192, or 256 bits. Period. The additional data in OpenSSL's AES_KEY structure (which totals 1920 bits, not 480) are pre-expanded round keys, which make the implementation more efficient (on average). If you want a 512-bit *wrapping* key, you can't wrap with AES. You'll have to use something else. Maybe Twofish? The *data* key (the key you wrap) can be any multiple of 8bytes you want (that fits in memory). There are few symmetric algorithms that can actually use 512-bits of key, at least anytime soon. > eg: Below is the key which i want to encrypt and use HMAC for > wrapping it... > > DEK = fb28cb4ec469b09a4ab170f4c846fe875b1cf5f264658145937b5cb9fe63be > HMAC: 501bc4b446a12c0259d4484dfc42467843cfab02fb7cf8081b13f71b56e7596c > You can't wrap with HMAC, it's not reversible. You could conceivably use the same key for wrapping a key *and* HMAC of something else, but this is poor practice; in general you should always use different keys (although they can be derived, irreversibly, from the same source) for different types of crypto operations (encrypt, sign, wrap, etc.) Your HMAC value is apparently 264 bits in hex; that can't be the output with any standard hash (e.g. HMAC-SHA1, HMAC-SHA256 etc.) and would be an unusual (though possible) size for a truncated HMAC or an HMAC key. > > 3. I am also stuck on how to convert this DEK string into > integer which can > store 512 bits... > Your DEK value above is obviously in hex, and (thus) 256 bits. Most programming languages do not directly support integers over 128 bits, because most CPUs don't (yet). Some languages like LISP and Python provide larger integers using multiple machine words (usually called bignums or multiprecision or MP numbers). In C you must write code or use a library; the OpenSSL BN component is such a library and has routines among others to read and write hex. But you probably don't want an integer at all, you probably just want bits. The keys for *public-key* crypto (RSA, DSA, DH, ECDSA, ECDH) involve true integers, represented for transmission in bits. The keys for symmetric algorithms are just bits, and you might as well transmit and store them as bits. You can store them as chunks in C integer variables of 32bits or 64bits or whatever, whose types depend on your machine and C compiler although 'unsigned long' must be *at least* 32 and C99 'unsigned long long' *at least* 64. C99 adds a new header stdint.h with types that can specify exact bit widths (if supported by hardware, which they usually are). In particular the data you pass to AES_wrap_key, and get back from AES_unwrap_key, is an array of unsigned char of the correct size (nbits/8, rounded up to a multiple of 8 if necessary per above). If that DEK is the key you want to wrap, then this representation is the representation you need for that DEK. Just convert each two hex chars into one unsigned char. In C you can use strtol (on a null-terminated copy) or sscanf (on the buffer directly), or you can just write about 5 lines of open code; in all cases you need to consider what error checking to do or if your caller(s) or source(s) have already handled that. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
