[openssl-users] AES_unwrap_key returns 0

Dave Coombs dcoombs at carillon.ca
Fri Jan 5 13:44:35 UTC 2018 

Hello,

This is just a guess, but try AES_set_decrypt_key() before trying to unwrap?

  -Dave


> On Jan 4, 2018, at 13:08, InMotion Man <inmotiont at gmail.com> wrote:
> 
> Hello all,
> I'm having trouble using the AES_unwrap_key function. I have tried different things but it always returns 0 and the out buffer does not get written to. 
> 
> I can wrap a key with the AES_wrap_key. Then I pass the wrapped key output to AES_unwrap_key and it is not able to unwrap it. This is regardless if I use the default IV (passing NULL to the function) or pass an explicit IV.See sample code below. 
> 
> Has anybody seen this issue? Any help will be appreciated.
> I'm using OpenSSL 1.1.0.f
> 
> #include <aes.h>
> 
> int
> main(int argc, char **argv)
> {
>     int i;
>     int ret;
>     unsigned char wrappedKeyData[24];
>     unsigned char KEK[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
>     unsigned char keyData[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
>     unsigned char IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
>   
>     AES_KEY wrp_key;
>     AES_set_encrypt_key(KEK, 128, &wrp_key);
> 
>     /* wrapping  */
>     ret = AES_wrap_key(&wrp_key, NULL, wrappedKeyData, keyData, 16);
>     printf("openssl wrapping returns %i\n", ret);
>     printf("wrapped keyData: ");
>     for (i = 0; i < ret; i++) {
>         printf ("%02x", wrappedKeyData[i]);
>     }
>     printf("\n");
> 
>     /* unwrapping */
>     unsigned char keyDataOut[16];
>     ret = AES_unwrap_key(&wrp_key, NULL, keyDataOut, wrappedKeyData, 24);
>     printf("unwrapping openssl returns %i\n", ret);
>     printf("unwrapped keyData: ");
>     for (i = 0; i < 16; i++) {
>         printf ("%02x", keyDataOut[i]) ;
>     }
>     printf("\n");
> 
>     return EXIT_SUCCESS;
> }
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180105/824b95fe/attachment.html>

More information about the openssl-users mailing list