SP800-38F AES kw encryption broken?
smueller at chronox.de
Mon Mar 12 08:45:59 CET 2018
The function _gcry_cipher_aeswrap_encrypt seems to be broken as it does not
produce the expected ciphertext.
When I invoke the encryption operation with the following data
key = f59782f1dceb0544a8da06b34969b9212b55ce6dcbdd0975a33f4b3f88b538da
plain = 73d33060b5f9f2eb5785c0703ddfa704
I obtain the following:
ciphertext = 888268c16299bc292154bd5ee49a27a521d3299e02eff900
However, when I decrypt the ciphertext immediately following the encryption
operation, I get the following
plain = a6a6a6a6a6a6a6a65785c0703ddfa704
This seems to indicate that the first semiblock of the plaintext does not seem
to be used at all but rather is replaced with the default IV.
The decryption function works as expected.
Unfortunately the current git repo cannot be compiled ("cannot find mpi-
internal.h", no rule to generate chacha20-sse2-amd64.S) so I cannot debug the
More information about the Gcrypt-devel