Thanks Dave for clarifying this... was pulled into something else so couldn't
reply back ... 

Dave Thompson-5 wrote:
> 
>> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
>> Sent: Monday, 05 March, 2012 23:35
>> To: openssl-users@openssl.org
>> Subject: Need help on using AES_wrap_key() function
> 
>> 1. As i understand AES_wrap_key(), first argument AES_KEY 
>> *key is the key
>> which needs to be wrapped and *in is the wrapping key. 
>> Correct me if i am
>> wrong.
>> 
>> int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
>>              unsigned char *out,
>>              const unsigned char *in, unsigned int inlen)
>> 
> In any key wrap/unwrap operation, the key used as a key 
> (here key) is the wrapping key (KEK), and the key treated as data 
> (here in for inlen) is the key to be wrapped/unwrapped (DEK).
> 
> Thanks for clarifying this... 
> 
>> 2. By looking at the code, i see  AES_wrap_key() supports max 
>> of 480 bits [
>> unsigned long rd_key[4 *(AES_MAXNR + 1)];] and my project 
>> demands to support
>> 512 bits of key. How do i do this? 
>> <snip from aes.h>
> 
> An AES key is only 128, 192, or 256 bits. Period. 
> The additional data in OpenSSL's AES_KEY structure (which 
> totals 1920 bits, not 480) are pre-expanded round keys, 
> which make the implementation more efficient (on average).
> 
> If you want a 512-bit *wrapping* key, you can't wrap with 
> AES. You'll have to use something else. Maybe Twofish?
> 
>    : As i was confused between KEK and DEK parameters in AES key wrap
> function, here is the correct one
> KEK is 25 bits and DEK is 512 bits... i hope this can be used in AES key
> wrap function 
> 
> The *data* key (the key you wrap) can be any multiple of 8 bytes 
> you want (that fits in memory). There are few symmetric algorithms 
> that can actually use 512-bits of key, at least anytime soon.
> 
>> eg: Below is the key which i want to encrypt and use HMAC for 
>> wrapping it... 
>> 
>> DEK = fb28cb4ec469b09a4ab170f4c846fe875b1cf5f264658145937b5cb9fe63be
>> HMAC: 501bc4b446a12c0259d4484dfc42467843cfab02fb7cf8081b13f71b56e7596c
>> 
> You can't wrap with HMAC, it's not reversible. You could conceivably 
> use the same key for wrapping a key *and* HMAC of something else, 
> but this is poor practice; in general you should always use different 
> keys (although they can be derived, irreversibly, from the same source) 
> for different types of crypto operations (encrypt, sign, wrap, etc.)
> 
> Your HMAC value is apparently 264 bits in hex; that can't be the output 
> with any standard hash (e.g. HMAC-SHA1, HMAC-SHA256 etc.) and would be 
> an unusual (though possible) size for a truncated HMAC or an HMAC key.
> 
>   : I think i pasted wrong HMAC message. My HMAC is derived on a Password
> and Salt value and i store the salt value in an immutable location on
> flash. 
>> 
>> 3. I am also stuck on how to convert this DEK string into 
>> integer which can
>> store 512 bits...
>> 
> Your DEK value above is obviously in hex, and (thus) 256 bits.
> 
> Most programming languages do not directly support integers over 
> 128 bits, because most CPUs don't (yet). Some languages like LISP 
> and Python provide larger integers using multiple machine words 
> (usually called bignums or multiprecision or MP numbers). In C 
> you must write code or use a library; the OpenSSL BN component is 
> such a library and has routines among others to read and write hex.
> 
> But you probably don't want an integer at all, you probably just 
> want bits. The keys for *public-key* crypto (RSA, DSA, DH, ECDSA, 
> ECDH) involve true integers, represented for transmission in bits.
> The keys for symmetric algorithms are just bits, and you might as 
> well transmit and store them as bits. You can store them as chunks 
> in C integer variables of 32 bits or 64 bits or whatever, whose 
> types depend on your machine and C compiler although 'unsigned long' 
> must be *at least* 32 and C99 'unsigned long long' *at least* 64.
> C99 adds a new header stdint.h with types that can specify exact 
> bit widths (if supported by hardware, which they usually are).
> 
> In particular the data you pass to AES_wrap_key, and get back from 
> AES_unwrap_key, is an array of unsigned char of the correct size 
> (nbits/8, rounded up to a multiple of 8 if necessary per above).
> If that DEK is the key you want to wrap, then this representation 
> is the representation you need for that DEK. Just convert each 
> two hex chars into one unsigned char. In C you can use strtol 
> (on a null-terminated copy) or sscanf (on the buffer directly), 
> or you can just write about 5 lines of open code; in all cases 
> you need to consider what error checking to do or if your caller(s) 
> or source(s) have already handled that.
> 
>   : As AES key is an array, i will try as you have suggested.
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Need-help-on-using-AES_wrap_key%28%29-function-tp33448401p33507767.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
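
The hex-to-bytes step suggested in the quoted reply, with the error checking it mentions, as an added example that is not part of the original thread or of OpenSSL. The names hex_to_bytes, wrap_input_ok and wrapped_len are hypothetical, the sample DEK is constructed, and the 16-byte minimum is taken from RFC 3394 (at least two 64-bit blocks).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a NUL-terminated hex string into out (capacity outcap bytes).
 * Returns the byte count, or -1 on odd length, a non-hex character or
 * insufficient capacity; on error, bytes already written are wiped. */
long hex_to_bytes(const char *hex, unsigned char *out, size_t outcap)
{
    size_t n = strlen(hex), i;
    if (n % 2 != 0 || n / 2 > outcap) return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hex_val(hex[2 * i]), lo = hex_val(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) { memset(out, 0, i); return -1; }
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Data passed to key wrap must be a multiple of 8 bytes, minimum 16. */
int wrap_input_ok(long nbytes) { return nbytes >= 16 && nbytes % 8 == 0; }

/* Wrapped output carries one extra 8-byte integrity block; -1 if invalid. */
long wrapped_len(long nbytes) { return wrap_input_ok(nbytes) ? nbytes + 8 : -1; }

int main(void)
{
    /* Constructed 512-bit sample DEK (128 hex chars), not a real key. */
    const char *dek_hex =
        "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
        "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f";
    unsigned char dek[64];
    long n = hex_to_bytes(dek_hex, dek, sizeof dek);
    if (!wrap_input_ok(n)) { fprintf(stderr, "bad DEK\n"); return 1; }
    /* dek and n are now the 'in' and 'inlen' arguments for the wrap call;
     * the output buffer needs wrapped_len(n) bytes. */
    printf("DEK %ld bytes, wrapped %ld bytes\n", n, wrapped_len(n));
    return 0;
}
```
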
