AES_wrap_key()/AES_unwrap_key() and in-place operation? - Openssl

This is a discussion on AES_wrap_key()/AES_unwrap_key() and in-place operation? - Openssl ; Hi everybody, I'm using OpenSSL 0.9.8i in an embedded project and I have a question related to the (relatively new?) functions to perform AES key wrapping resp. unwrapping. Are these functions meant to be used for in-place operation, i.e. the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: AES_wrap_key()/AES_unwrap_key() and in-place operation?

  1. AES_wrap_key()/AES_unwrap_key() and in-place operation?

    Hi everybody,

    I'm using OpenSSL 0.9.8i in an embedded project and I have a question
    related to the (relatively new?) functions to perform AES key wrapping
    resp. unwrapping. Are these functions meant to be used for in-place
    operation, i.e. the source and destination buffers are the same? Looking
    at the sources in aes_wrap.c, I'd say they are not at the moment, because
    of a memcpy() right at the beginning:

    memcpy(out + 8, in, inlen);

    resp.

    memcpy(out, in + 8, inlen);

    If in and out point tho the same location, this will result in a memcpy of
    overlapping memory regions, which leads to undefined behaviour. Would it
    be sufficient to replace these memcpy() calls with memmove()? I didn't
    find any documentation about these function in the doc/ subdirectory.

    Best regards

    Alfred Arnold

    --
    Alfred Arnold E-Mail: alfred@ccac.rwth-aachen.de
    Computer Club at the http://john.ccac.rwth-aachen.de:8000/alf/
    Technical University
    of Aachen
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. RE: AES_wrap_key()/AES_unwrap_key() and in-place operation?

    With the AES Key Wrap algorithm, the wrapped key is 8 bytes longer than
    the original plaintext key. By default a checkword of A6A6A6A6A6A6A6A6
    is pre-pended to the original plaintext key. In the OpenSSL code, this
    is referred to as the IV. The Checkword plus plaintext key is then
    subjected to several rounds of AES encryption using the Key Encryption
    Key. It appears that the output buffer is used as a working area for
    this process and thus initializes it with the original plaintext key.

    Bill

    -----Original Message-----
    From: owner-openssl-users@openssl.org
    [mailtowner-openssl-users@openssl.org] On Behalf Of Alfred Arnold
    Sent: September 28, 2008 4:54 AM
    To: openssl-users@openssl.org
    Subject: AES_wrap_key()/AES_unwrap_key() and in-place operation?

    Hi everybody,

    I'm using OpenSSL 0.9.8i in an embedded project and I have a question
    related to the (relatively new?) functions to perform AES key wrapping
    resp. unwrapping. Are these functions meant to be used for in-place
    operation, i.e. the source and destination buffers are the same?
    Looking
    at the sources in aes_wrap.c, I'd say they are not at the moment,
    because
    of a memcpy() right at the beginning:

    memcpy(out + 8, in, inlen);

    resp.

    memcpy(out, in + 8, inlen);

    If in and out point tho the same location, this will result in a memcpy
    of
    overlapping memory regions, which leads to undefined behaviour. Would
    it
    be sufficient to replace these memcpy() calls with memmove()? I didn't
    find any documentation about these function in the doc/ subdirectory.

    Best regards

    Alfred Arnold

    --
    Alfred Arnold E-Mail: alfred@ccac.rwth-aachen.de
    Computer Club at the
    http://john.ccac.rwth-aachen.de:8000/alf/
    Technical University
    of Aachen
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. RE: AES_wrap_key()/AES_unwrap_key() and in-place operation?

    Hi,

    >With the AES Key Wrap algorithm, the wrapped key is 8 bytes longer than
    >the original plaintext key. By default a checkword of A6A6A6A6A6A6A6A6
    >is pre-pended to the original plaintext key. In the OpenSSL code, this
    >is referred to as the IV. The Checkword plus plaintext key is then
    >subjected to several rounds of AES encryption using the Key Encryption
    >Key. It appears that the output buffer is used as a working area for
    >this process and thus initializes it with the original plaintext key.


    I know quite well how AES key wrap operates and that the result is 8 bytes
    longer than the input data. The buffer in my case would provide the extra
    space without problems. At the moment, I however have to allocate another
    temporary buffer as destination which effectively doubles memory
    requirements - which is anything else but welcome on an embedded
    system...plus I have to copy the wrapped data back into the original
    buffer.

    Out of curiosity, I changed the memcpy() calls to memmove() and in-place
    operation then works as expected. The device by the way is a wireless
    access point, and AES key (un)wrap is used as part of the WPA key
    handshake.

    Best regards

    Alfred Arnold

    --
    Alfred Arnold E-Mail: alfred@ccac.rwth-aachen.de
    Computer Club at the http://john.ccac.rwth-aachen.de:8000/alf/
    Technical University Phone: +49-241-406526
    of Aachen Fax: +49-241-406527

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread