<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hello,<div class=""><br class=""></div><div class="">This is just a guess, but try AES_set_decrypt_key() before trying to unwrap?</div><div class=""><br class=""></div><div class=""> -Dave</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jan 4, 2018, at 13:08, InMotion Man <<a href="mailto:inmotiont@gmail.com" class="">inmotiont@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><span style="font-size:12.8px" class="">Hello all,</span><div style="font-size:12.8px" class="">I'm having trouble using the AES_unwrap_key function. I have tried different things but it always returns 0 and the out buffer does not get written to. </div><div style="font-size:12.8px" class=""><br class=""></div><div style="font-size:12.8px" class="">I can wrap a key with the AES_wrap_key. Then I pass the wrapped key output to AES_unwrap_key and it is not able to unwrap it. This is regardless if I use the default IV (passing NULL to the function) or pass an explicit IV.See sample code below. </div><div style="font-size:12.8px" class=""><br class=""></div><div style="font-size:12.8px" class="">Has anybody seen this issue? Any help will be appreciated.</div><div style="font-size:12.8px" class="">I'm using OpenSSL 1.1.0.f</div><div style="font-size:12.8px" class=""><br class=""></div><blockquote style="font-size:12.8px;margin:0px 0px 0px 40px;border:none;padding:0px" class=""><div class=""><i class="">#include <aes.h></i></div><div class=""><i class=""><br class=""></i></div><div class=""><i class="">int</i></div><div class=""><i class="">main(int argc, char **argv)</i></div><div class=""><i class="">{</i></div><div class=""><i class=""> int i;</i></div><div class=""><i class=""> int ret;</i></div><div class=""><i class=""> unsigned char wrappedKeyData[24];</i></div><div class=""><i class=""> unsigned char KEK[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};</i></div><div class=""><i class=""> unsigned char keyData[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};</i></div><div class=""><i class=""> unsigned char IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};</i></div><div class=""><i class=""> </i></div><div class=""><i class=""> AES_KEY wrp_key;</i></div><div class=""><i class=""> AES_set_encrypt_key(KEK, 128, &wrp_key);</i></div><div class=""><i class=""><br class=""></i></div><div class=""><i class=""> /* wrapping */</i></div><div class=""><i class=""> ret = AES_wrap_key(&wrp_key, NULL, wrappedKeyData, keyData, 16);</i></div><div class=""><i class=""> printf("openssl wrapping returns %i\n", ret);</i></div><div class=""><i class=""> printf("wrapped keyData: ");</i></div><div class=""><i class=""> for (i = 0; i < ret; i++) {</i></div><div class=""><i class=""> printf ("%02x", wrappedKeyData[i]);</i></div><div class=""><i class=""> }</i></div><div class=""><i class=""> printf("\n");</i></div><div class=""><i class=""><br class=""></i></div><div class=""><i class=""> /* unwrapping */</i></div><div class=""><i class=""> unsigned char keyDataOut[16];</i></div><div class=""><i class=""> ret = AES_unwrap_key(&wrp_key, NULL, keyDataOut, wrappedKeyData, 24);</i></div><div class=""><i class=""> printf("unwrapping openssl returns %i\n", ret);</i></div><div class=""><i class=""> printf("unwrapped keyData: ");</i></div><div class=""><i class=""> for (i = 0; i < 16; i++) {</i></div><div class=""><i class=""> printf ("%02x", keyDataOut[i]) ;</i></div><div class=""><i class=""> }</i></div><div class=""><i class=""> printf("\n");</i></div><div class=""><i class=""><br class=""></i></div><div class=""><i class=""> return EXIT_SUCCESS;</i></div><div class=""><i class="">}</i></div></blockquote></div>
-- <br class="">openssl-users mailing list<br class="">To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" class="">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br class=""></div></blockquote></div><br class=""></div></body></html>