I have downloaded openssl-0.9.8l and I have builded openssl with 1) ./config --prefix=/home/luca/zz/tmpopenssl/ --openssldir=/home/luca/zz/tmpopenssl/openssldir shared
2) make 3) make test 4)make install It's all ok. I want to test aes_wrap.c under sourceopenssl/crypto/aes. My goal is to generate a cyphertext from palintext with len=0x160 My test vector is a incremental pattern [0...0x5f]. I go under sourceopenssl/crypto/aes and then I run: gcc -I.. -I../.. -I../../include -DAES_WRAP_TEST -L/home/luca/zz/tmpopenssl/lib/. -lssl -L/home/luca/zz/tmpopenssl/lib/. -lcrypto -o aes_wrap aes_wrap.c If I check: ldd aes_wrap: linux-gate.so.1 => (0xb7fd3000) libssl.so.0.9.8 => /home/luca/zz/tmpopenssl/lib/libssl.so.0.9.8 (0xb7f8c000) libcrypto.so.0.9.8 => /home/luca/zz/tmpopenssl/lib/libcrypto.so.0.9.8 (0xb7e40000) libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7ce1000) libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cdd000) /lib/ld-linux.so.2 (0xb7fd4000) It's ok. If i run aes_wrap with nist test vector i see all ok. But if i run aes key wrap with incremental pattern I get a non correct result because cypertext is not correct ( i know it from other open source lib) Why? Following is my changed aes_wrap.c to see output cyphetext: #include "cryptlib.h" #include <openssl/aes.h> #include <openssl/bio.h> static const unsigned char default_iv[] = { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, }; int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen) { unsigned char *A, B[16], *R; unsigned int i, j, t; if ((inlen & 0x7) || (inlen < 8)) return -1; A = B; t = 1; memcpy(out + 8, in, inlen); if (!iv) iv = default_iv; memcpy(A, iv, 8); for (j = 0; j < 6; j++) { R = out + 8; for (i = 0; i < inlen; i += 8, t++, R += 8) { memcpy(B + 8, R, 8); AES_encrypt(B, B, key); A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { A[6] ^= (unsigned char)((t & 0xff) >> 8); A[5] ^= (unsigned char)((t & 0xff) >> 16); A[4] ^= (unsigned char)((t & 0xff) >> 24); } memcpy(R, B + 8, 8); } } memcpy(out, A, 8); for (i=0; i< (inlen + 8); i++) //--------modified to see output printf("%2X ",out[i]); printf("\n"); return inlen + 8; } int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen) { unsigned char *A, B[16], *R; unsigned int i, j, t; inlen -= 8; if (inlen & 0x7) return -1; if (inlen < 8) return -1; A = B; t = 6 * (inlen >> 3); memcpy(A, in, 8); memcpy(out, in + 8, inlen); for (j = 0; j < 6; j++) { R = out + inlen - 8; for (i = 0; i < inlen; i += 8, t--, R -= 8) { A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { A[6] ^= (unsigned char)((t & 0xff) >> 8); A[5] ^= (unsigned char)((t & 0xff) >> 16); A[4] ^= (unsigned char)((t & 0xff) >> 24); } memcpy(B + 8, R, 8); AES_decrypt(B, B, key); memcpy(R, B + 8, 8); } } if (!iv) iv = default_iv; if (memcmp(A, iv, 8)) { OPENSSL_cleanse(out, inlen); return 0; } return inlen; } #ifdef AES_WRAP_TEST int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, const unsigned char *iv, const unsigned char *eout, const unsigned char *key, int keylen) { unsigned char *otmp = NULL, *ptmp = NULL; int r, ret = 0; AES_KEY wctx; otmp = OPENSSL_malloc(keylen + 8); ptmp = OPENSSL_malloc(keylen); if (!otmp || !ptmp) return 0; if (AES_set_encrypt_key(kek, keybits, &wctx)) goto err; r = AES_wrap_key(&wctx, iv, otmp, key, keylen); if (r <= 0) goto err; if (eout && memcmp(eout, otmp, keylen)) goto err; if (AES_set_decrypt_key(kek, keybits, &wctx)) goto err; r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); if (memcmp(key, ptmp, keylen)) goto err; ret = 1; err: if (otmp) OPENSSL_free(otmp); if (ptmp) OPENSSL_free(ptmp); return ret; } #define LENKW 0x160 int main(int argc, char **argv) { static const unsigned char kek[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }; static const unsigned char key[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; static const unsigned char e1[] = { 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 }; static const unsigned char e2[] = { 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d }; static const unsigned char e3[] = { 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 }; static const unsigned char e4[] = { 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 }; static const unsigned char e5[] = { 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 }; static const unsigned char e6[] = { 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 }; AES_KEY wctx, xctx; int ret; ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); fprintf(stderr, "Key test result %d\n", ret); ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); fprintf(stderr, "Key test result %d\n", ret); ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); fprintf(stderr, "Key test result %d\n", ret); ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); fprintf(stderr, "Key test result %d\n", ret); ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); fprintf(stderr, "Key test result %d\n", ret); ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); fprintf(stderr, "Key test result %d\n", ret); ///// my added code int i; unsigned char kd[LENKW]; for (i=0; i<LENKW; i++) //my incremental test vector { kd[i]=i; } printf("-----INPUT----\n"); for (i=0; i< LENKW; i++) printf("%d %2X\n ",i,kd[i]); printf("\n"); printf("-----OUTPUT----\n"); ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, kd, LENKW); fprintf(stderr, "Key test result %d\n", ret); } #endif Following input and output : 1F A6 8B A 81 12 B4 47 AE F3 4B D8 FB 5A 7B 82 9D 3E 86 23 71 D2 CF E5 Key test result 1 96 77 8B 25 AE 6C A4 35 F9 2B 5B 97 C0 50 AE D2 46 8A B8 A1 7A D8 4E 5D Key test result 1 64 E8 C3 F9 CE F 5B A2 63 E9 77 79 5 81 8A 2A 93 C8 19 1E 7D 6E 8A E7 Key test result 1 3 1D 33 26 4E 15 D3 32 68 F2 4E C2 60 74 3E DC E1 C6 C7 DD EE 72 5A 93 6B A8 14 91 5C 67 62 D2 Key test result 1 A8 F9 BC 16 12 C6 8B 3F F6 E6 F4 FB E3 E 71 E4 76 9C 8B 80 A3 2C B8 95 8C D5 D1 7D 6B 25 4D A1 Key test result 1 28 C9 F4 4 C4 B8 10 F4 CB CC B3 5C FB 87 F8 26 3F 57 86 E2 D8 E D3 26 CB C7 F0 E7 1A 99 F4 3B FB 98 8B 9B 7A 2 DD 21 Key test result 1 -----INPUT---- 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 10 A 11 B 12 C 13 D 14 E 15 F 16 10 17 11 18 12 19 13 20 14 21 15 22 16 23 17 24 18 25 19 26 1A 27 1B 28 1C 29 1D 30 1E 31 1F 32 20 33 21 34 22 35 23 36 24 37 25 38 26 39 27 40 28 41 29 42 2A 43 2B 44 2C 45 2D 46 2E 47 2F 48 30 49 31 50 32 51 33 52 34 53 35 54 36 55 37 56 38 57 39 58 3A 59 3B 60 3C 61 3D 62 3E 63 3F 64 40 65 41 66 42 67 43 68 44 69 45 70 46 71 47 72 48 73 49 74 4A 75 4B 76 4C 77 4D 78 4E 79 4F 80 50 81 51 82 52 83 53 84 54 85 55 86 56 87 57 88 58 89 59 90 5A 91 5B 92 5C 93 5D 94 5E 95 5F 96 60 97 61 98 62 99 63 100 64 101 65 102 66 103 67 104 68 105 69 106 6A 107 6B 108 6C 109 6D 110 6E 111 6F 112 70 113 71 114 72 115 73 116 74 117 75 118 76 119 77 120 78 121 79 122 7A 123 7B 124 7C 125 7D 126 7E 127 7F 128 80 129 81 130 82 131 83 132 84 133 85 134 86 135 87 136 88 137 89 138 8A 139 8B 140 8C 141 8D 142 8E 143 8F 144 90 145 91 146 92 147 93 148 94 149 95 150 96 151 97 152 98 153 99 154 9A 155 9B 156 9C 157 9D 158 9E 159 9F 160 A0 161 A1 162 A2 163 A3 164 A4 165 A5 166 A6 167 A7 168 A8 169 A9 170 AA 171 AB 172 AC 173 AD 174 AE 175 AF 176 B0 177 B1 178 B2 179 B3 180 B4 181 B5 182 B6 183 B7 184 B8 185 B9 186 BA 187 BB 188 BC 189 BD 190 BE 191 BF 192 C0 193 C1 194 C2 195 C3 196 C4 197 C5 198 C6 199 C7 200 C8 201 C9 202 CA 203 CB 204 CC 205 CD 206 CE 207 CF 208 D0 209 D1 210 D2 211 D3 212 D4 213 D5 214 D6 215 D7 216 D8 217 D9 218 DA 219 DB 220 DC 221 DD 222 DE 223 DF 224 E0 225 E1 226 E2 227 E3 228 E4 229 E5 230 E6 231 E7 232 E8 233 E9 234 EA 235 EB 236 EC 237 ED 238 EE 239 EF 240 F0 241 F1 242 F2 243 F3 244 F4 245 F5 246 F6 247 F7 248 F8 249 F9 250 FA 251 FB 252 FC 253 FD 254 FE 255 FF 256 0 257 1 258 2 259 3 260 4 261 5 262 6 263 7 264 8 265 9 266 A 267 B 268 C 269 D 270 E 271 F 272 10 273 11 274 12 275 13 276 14 277 15 278 16 279 17 280 18 281 19 282 1A 283 1B 284 1C 285 1D 286 1E 287 1F 288 20 289 21 290 22 291 23 292 24 293 25 294 26 295 27 296 28 297 29 298 2A 299 2B 300 2C 301 2D 302 2E 303 2F 304 30 305 31 306 32 307 33 308 34 309 35 310 36 311 37 312 38 313 39 314 3A 315 3B 316 3C 317 3D 318 3E 319 3F 320 40 321 41 322 42 323 43 324 44 325 45 326 46 327 47 328 48 329 49 330 4A 331 4B 332 4C 333 4D 334 4E 335 4F 336 50 337 51 338 52 339 53 340 54 341 55 342 56 343 57 344 58 345 59 346 5A 347 5B 348 5C 349 5D 350 5E 351 5F -----OUTPUT---- 7E 18 8E DA 81 B0 D6 BA 39 64 46 EC 42 61 14 EB 1E B8 C6 21 82 0 52 8D D6 D1 62 95 36 52 91 78 EE 8D D5 B 3F 90 17 5B F7 45 E6 85 3E 39 D0 C9 8D E7 81 C5 EB 32 3F 92 10 22 C4 57 7C 71 2E D A6 54 C2 31 AA 80 10 74 25 BB 4E C8 A5 94 B1 F4 2F 11 FB 77 50 52 97 75 2D 97 3A 6B 87 B0 D5 A4 37 F1 89 A5 79 82 FC 87 E DA 8D 68 D2 B7 58 9 F2 33 38 80 38 72 5D A8 16 A 41 BE B3 72 8D 54 4D C5 95 27 74 D4 8F F9 CB 54 47 B8 E4 5 51 D5 79 EF 3 ED 22 76 9B 32 46 2A CD FC 3F E0 75 A4 D3 1F E9 B2 35 B9 68 C7 D5 CD 47 4D B4 7E 50 B4 5C 2C E5 12 1A AE 52 79 B2 17 D7 97 8C A0 7C 2D 9B 29 EF 8 20 16 70 69 82 10 B5 6 70 F6 40 2 5E 5A 4F 5A 6D 90 7A C6 6B 46 B1 9E D9 C1 63 EC A5 A3 D2 DC 85 17 3E 80 4A 29 B5 31 2C AF 5 EB 3A A 83 3A DC 50 AA 8B A6 E8 BE 9F 6 81 2E C2 AF 64 40 2 1F C9 37 BD 5A 4E 14 1F A8 93 67 D1 43 71 FF C3 93 F9 39 3A 47 5 E3 45 67 C 2E B3 1C B2 14 68 E 62 52 E5 12 D2 B4 BB 63 3A 83 1E CB 9F 74 CF 6C 26 AB 68 35 EA 21 D6 B9 8A E3 53 28 E1 9F A4 14 E0 B8 9C C6 3 8 A3 73 46 B6 20 30 A7 45 8A 5B 89 9F FC C4 B8 2B B1 5B 8D B3 F9 4B C8 5B C1 83 76 98 B0 Correct output is: 9CAAE82C702B5D21396446EC426114EB1EB8C6218200528DD6D1629536529178EE8DD50B3F90175BF745E6853E39D0C98DE7 81C5EB323F921022C4577C712E0DA654C231AA80107425BB4EC8A594B1F42F11FB77505297752D973A6B87B0D5A437F189A57982FC87 0EDA8D68D2B75809F233388038725DA8160A41BEB3728D544DC5952774D48FF9CB5447B8E40551D579EF03ED22769B32462ACDFC3FE0 75A4D31FE9B235B968C7D5CD474DB47E50B45C2CE5121AAE5279B217D7978CA07C2D9B29EF08201670698210B50670F640025E5A4F5A 6D907AC66B46B19ED9C163ECA5A3D2DC85173E804A29B5312CAF05EB3A0A833ADC50AA8BA6E8BE9F06812EC2AF6440021FC937BD5A4E 141FA89367D14371FFC393F9393A4705E345670C2EB31CB214680E6252E5341688D16C664DCA362DB24DE06F6BF759EBC6C2305A9791 A391770173604D2B52E03B6009C993A25051087E5207483887542E0969A61B1A9413DEF78D57BAF6 I'm only interested to see ciphertext so result=0 because I use e1 But output is not correct. If I use icremetal test vector up to 0x150 (LENKW = 0x150) cyphertext is correct, beyond 0x150 not correct. Why? Luca Pellanda