AES-Wrap

Werner Koch wk at gnupg.org
Wed Dec 9 11:12:46 CET 2009


Hi!

I just finished an implementation of the AES-Wrap algorithm as
specified in rfc3394 and a similar NIST spec.  It is implemented as a
new cipher mode so that the algorithm may optionally be used with any
128 bit block cipher.

Example encryption code:

  gcry_error_t err;
  gcry_cipher_hd_t hd;
  unsigned char outbuf[32+8];
  size_t outbuflen;
  int i;

  err = gcry_cipher_open (&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_AESWRAP, 0);
  if (err)
    {
      fail ("gcrypt_cipher_open failed: %s\n", gpg_strerror (err));
      return;
    }

  err = gcry_cipher_setkey (hd, kek, 128/8);
  if (err)
    {
      fail ("grcy_cipher_setkey failed: %s\n", gpg_strerror (err));
      return;
    }

  outbuflen = datalen + 8;
  if (outbuflen > sizeof outbuf)
    err = gpg_error (GPG_ERR_INTERNAL);
  else
    err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen);
  if (err)
    {
      fail ("grcy_cipher_encrypt failed: %s\n", gpg_strerror (err));
      return;
    }

  fprintf (stderr, "Ciphertext:");
  for (i = 0; i < outbuflen; i++)
    fprintf (stderr, " %02x", outbuf[i]);
  putc ('\n', stderr);


decryption is similar:

  ... create handle and set key ...

  outbuflen = datalen - 8;
  if (outbuflen > sizeof outbuf)
    err = gpg_error (GPG_ERR_INTERNAL);
  else
    err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, datalen);
  if (err)
    {
      fail ("grcy_cipher_decrypt failed: %s\n", gpg_strerror (err));
      return;
    }

  fprintf (stderr, "Plaintext:");
  for (i = 0; i < outbuflen; i++)
    fprintf (stderr, " %02x", outbuf[i]);
  putc ('\n', stderr);



Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gcrypt-devel mailing list