[openssl-users] EVP AES Wrap

Matt Caswell matt at openssl.org
Thu May 17 09:08:59 UTC 2018



On 16/05/18 18:55, Luís Martins wrote:
> Hi,
> 
>     I'm trying to use the EVP AES wrap implementations from openssl
> (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in
> EVP_EncryptInit_ex():
>     error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode not allowed
>     I've searched the documentation for examples or guidance but I
> couldn't find anything related to this.
>     Anyone experienced the same issue?

You need to enable wrap mode:

EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

The EVP encrypt routines set an expectation about how long the output
might be for a given input:

"EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
writes the encrypted version to B<out>. This function can be called
multiple times to encrypt successive blocks of data. The amount
of data written depends on the block alignment of the encrypted data:
as a result the amount of data written may be anything from zero bytes
to (inl + cipher_block_size - 1) so B<out> should contain sufficient
room."

The wrap modes do not obey this rule and may return more data, so you
have to explicitly enable the mode to say that you are prepared for the
output.

Matt


> 
>     My pseudo code is:
> 
>         EVP_CIPHER_CTX ctx;
>         EVP_CIPHER_CTX_init(&ctx);
>         if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_wrap(), 0,
> keyEncriptionKey, iv) != 1)
>              // process error
>         if ( EVP_EncryptUpdate(&ctx, bufferOut, &processedSize,
> plaintext, plaintextSize) != 1)
>              // process error
>         if (EVP_EncryptFinal_ex(&ctx, bufferOut + processedSize,
> &tmpSize) != 1)
>              // process error
>         EVP_CIPHER_CTX_cleanup(&ctx);
> 
> Regards,
> Luís
> 
> 

