SP800-38F AES kw encryption broken?

Stephan Mueller smueller at chronox.de
Mon Mar 12 08:45:59 CET 2018


The function _gcry_cipher_aeswrap_encrypt seems to be broken as it does not 
produce the expected ciphertext.

When I invoke the encryption operation with the following data

key = f59782f1dceb0544a8da06b34969b9212b55ce6dcbdd0975a33f4b3f88b538da
plain = 73d33060b5f9f2eb5785c0703ddfa704

I obtain the following:

ciphertext = 888268c16299bc292154bd5ee49a27a521d3299e02eff900

However, when I decrypt the ciphertext immediately following the encryption 
operation, I get the following

plain = a6a6a6a6a6a6a6a65785c0703ddfa704

This seems to indicate that the first semiblock of the plaintext does not seem 
to be used at all but rather is replaced with the default IV.

The decryption function works as expected.

Unfortunately the current git repo cannot be compiled ("cannot find 
mpi-internal.h", no rule to generate chacha20-sse2-amd64.S) so I cannot debug the 
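
The wrap/unwrap round trip from the report above, as an added example that is not part of the original post and is not libgcrypt code: the SP 800-38F KW (RFC 3394) wrap and unwrap written over a pluggable 128-bit block cipher, with a check for the reported symptom. A SHA-256 Feistel permutation stands in for AES so the block runs on the standard library alone, so its ciphertext will not match the values in the post; all function names are assumptions.

```python
import hashlib, hmac

IV = bytes.fromhex("a6a6a6a6a6a6a6a6")   # default ICV of SP 800-38F KW / RFC 3394
KEY = bytes.fromhex("f59782f1dceb0544a8da06b34969b9212b55ce6dcbdd0975a33f4b3f88b538da")
PLAIN = bytes.fromhex("73d33060b5f9f2eb5785c0703ddfa704")  # key and plaintext from the post

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function of the stand-in cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def toy_encrypt(key, block):  # stand-in 128-bit permutation, NOT AES (assumption)
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt(key, block):  # inverse of toy_encrypt
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def kw_wrap(key, plain, enc=toy_encrypt):  # pass a real AES encrypt here for AES-KW
    if len(plain) < 16 or len(plain) % 8:
        raise ValueError("need at least two 64-bit semiblocks")
    a, r = IV, [plain[i:i + 8] for i in range(0, len(plain), 8)]
    for j in range(6):
        for i in range(len(r)):
            b = enc(key, a + r[i])
            a, r[i] = _xor(b[:8], (len(r) * j + i + 1).to_bytes(8, "big")), b[8:]
    return a + b"".join(r)  # n + 1 semiblocks: 16-byte input -> 24-byte output

def kw_unwrap(key, wrapped, dec=toy_decrypt):
    if len(wrapped) < 24 or len(wrapped) % 8:
        raise ValueError("need at least three 64-bit semiblocks")
    a, r = wrapped[:8], [wrapped[i:i + 8] for i in range(8, len(wrapped), 8)]
    for j in reversed(range(6)):
        for i in reversed(range(len(r))):
            b = dec(key, _xor(a, (len(r) * j + i + 1).to_bytes(8, "big")) + r[i])
            a, r[i] = b[:8], b[8:]
    if not hmac.compare_digest(a, IV):  # recovered A must equal the ICV
        raise ValueError("integrity check failed")
    return b"".join(r)  # the ICV is checked and dropped, never returned

def roundtrip_report(key, plain):
    wrapped = kw_wrap(key, plain)
    recovered = kw_unwrap(key, wrapped)
    return {"wrapped_len": len(wrapped), "roundtrip_ok": recovered == plain,
            "first_semiblock_is_icv": recovered[:8] == IV}  # symptom in the post
```
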

