AES_CBC for wrapping

[vas777]

Thanks for such a nice library.

I was trying to extract RSA keys in PKCS#8 format. C_WrapKey is an encryption of PKCS#8 encoding, so I just attempted to first wrap the key with AES_CBC and then decrypt C_Decrypt wrapped data. This approach works fine for RSA of size 1024 and I see DER data of the key (using openssl asn1parse -inform DER -in file ), but for some reason with bigger keys 2048, 4096 and as well with EC types of keys I get CKR_GENERAL_ERROR from C_WrapKey and log shows
BotanSymmetricAlgorithm.cpp(311): Failed to encrypt the data

So I decided to ask what could be a reason for this problem? Is it a bug or an inherent problem with the approach ( some padding/size issue)?

Probably it is an incorrect way to do get PKCS#8, but because of this weird behavior and absence of a test for AES_CBC for wrapping I have decided to ask.

Thanks for your answer and your time.

[rijswijk]

It's probably not advisable to use AES_CBC as mechanism, please have a look at the PKCS #11 test suite, in particular at SymmetricAlgorithmTests.cpp, this should show you plenty of examples on how to wrap and unwrap.

[vas777]

Thank your for the answer. I got acquainted with SymmetricAlgorithmTests.cpp before writing the question.

Basically, the essence of my inquiry is : is there a way in current implementation to get data (decrypt it) that got 'wrapped' with CKM_AES_KEY_WRAP or CKM_AES_KEY_WRAP_PAD without 'C_UnwrapKey' ? ( C_WrapKey with CKM_AES_KEY_WRAP and C_Decrypt with CKM_AES_ECB does not work )

Thanks for your answer and your time.

[rijswijk]

Ah, OK; the mechanism CKM_AES_KEY_WRAP or CKM_AES_KEY_WRAP_PAD is explained in RFC 5649, maybe that helps you decrypt it.

[vas777]

Thanks for the answers. That means that current implementation does not have a safe way to do what I was asking about.

[rijswijk]

OK, then I will close the issue.