
I'm trying to use MBED TLS cryptography functions to unwrap a key which has been encrypted using AES-128 key wrapping using a symmetric key, which I have.

I'm new to encryption and my understanding is that key wrapping/unwrapping is different to encrypting/decrypting. Is this correct?

There are examples listed on this page, but the AES examples are doing decryption rather than key unwrapping, and the wrap examples are using public keys rather than symmetric keys.

Is there some reference or example for using MBED TLS to do key-unwrapping using AES-128 encryption?

I have tried simply using the decryption function and I do not get the correct data as a result. See below.

  //Initialise AES context
  mbedtls_aes_init( &aes_ctx );
  //Set-up the context
  mbedtls_aes_setkey_dec( &aes_ctx, AES_key, 128 );
  //Process the encrypted data in blocks of 16 bytes
  for(i = 0; i< encryptedDataLength; i+= 16)
  {
    mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, pEncryptedData + i, pPlainValue + i); 
  }
  //Free the context
  mbedtls_aes_free( &aes_ctx );

Thanks!

Jim

1 Answer


I found a solution using the nist_kw interface:

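  //Initialise key-wrap context
  mbedtls_nist_kw_init(&kw_ctx);
  //Set up the context (last argument 0 = the key is used for unwrapping)
  //ret is an int declared alongside the other variables
  ret = mbedtls_nist_kw_setkey(&kw_ctx, MBEDTLS_CIPHER_ID_AES, AES_key, 128, 0);

  //Process the encrypted data; the return value carries the integrity check
  if (ret == 0)
  {
    ret = mbedtls_nist_kw_unwrap(&kw_ctx, MBEDTLS_KW_MODE_KW,
                                 pEncryptedData, encrypted_length,
                                 pPlainValue, &decrypted_length,
                                 encryptedDataLength);
  }
  //A non-zero ret means setkey or unwrap failed (for example wrong key or
  //corrupted data), and pPlainValue must not be used

  //Free the context
  mbedtls_nist_kw_free(&kw_ctx);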

This decrypts the data correctly for me. Thanks for being my rubber ducky!

Jim
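
Why the ECB loop in the question returns the wrong data: AES key wrap (RFC 3394 / NIST SP 800-38F KW, the mode selected by MBEDTLS_KW_MODE_KW) chains 6·n block operations through a 64-bit register A and only accepts the result if A ends up equal to the fixed value A6A6A6A6A6A6A6A6. The C code below is an added example, not code from the post or from Mbed TLS; all function names are hypothetical, the sample values are constructed, and a toy block cipher stands in for AES so that it runs without a library.

```c
#include <stdint.h>
#include <string.h>

/* TOY block cipher (NOT AES, not secure): stand-in so the example runs without a library. */
static void toy_block(const uint8_t *k, uint8_t *x, int dec) {
    for (int r = 0; r < 256; r++) {                 /* 16 rounds over 16 bytes */
        int i = dec ? 15 - r % 16 : r % 16;
        uint8_t p = (uint8_t)(x[(i + 15) % 16] + k[i]), s = (uint8_t)(x[i] + p);
        x[i] = dec ? (uint8_t)(((x[i] >> 3) | (x[i] << 5)) - p)
                   : (uint8_t)((s << 3) | (s >> 5));
    }
}
static const uint8_t KW_IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
/* One KW round: A|R goes through the block cipher, counter t is XORed into A (big-endian). */
static void kw_step(const uint8_t *kek, uint8_t *a, uint8_t *r, uint64_t t, int dec) {
    uint8_t b[16];
    memcpy(b, a, 8); memcpy(b + 8, r, 8);
    if (!dec) toy_block(kek, b, 0);
    for (int k = 0; k < 8; k++) b[7 - k] ^= (uint8_t)(t >> (8 * k));
    if (dec) toy_block(kek, b, 1);
    memcpy(a, b, 8); memcpy(r, b + 8, 8);
}
/* Wrap n 64-bit blocks (n >= 2); out receives 8*(n+1) bytes. */
void kw_wrap(const uint8_t *kek, const uint8_t *in, size_t n, uint8_t *out) {
    memcpy(out, KW_IV, 8); memcpy(out + 8, in, 8 * n);
    for (uint64_t t = 1; t <= 6 * n; t++)
        kw_step(kek, out, out + 8 * ((t - 1) % n + 1), t, 0);
}
/* Returns 0 with 8*n key bytes in out, or -1 (out zeroed) if the integrity check fails. */
int kw_unwrap(const uint8_t *kek, const uint8_t *in, size_t n, uint8_t *out) {
    uint8_t a[8], diff = 0;
    memcpy(a, in, 8); memcpy(out, in + 8, 8 * n);
    for (uint64_t t = 6 * n; t >= 1; t--)
        kw_step(kek, a, out + 8 * ((t - 1) % n), t, 1);
    for (int k = 0; k < 8; k++) diff |= (uint8_t)(a[k] ^ KW_IV[k]);
    if (diff) memset(out, 0, 8 * n);
    return diff ? -1 : 0;
}

/* Constructed sample data. Returns 0 = key recovered, -1 = rejected, 1 = wrong key released. */
int kw_demo(int flip) {
    const uint8_t kek[16] = "constructed-kek", key[16] = "sample-key-data";
    uint8_t wrapped[24], plain[16];
    kw_wrap(kek, key, 2, wrapped);                   /* 16-byte key -> 24-byte blob */
    if (flip >= 0) wrapped[flip] ^= 0x01;            /* corrupt one byte of the blob */
    if (kw_unwrap(kek, wrapped, 2, plain) != 0) return -1;
    return memcmp(plain, key, 16) ? 1 : 0;
}
int main(void) { return (kw_demo(-1) == 0 && kw_demo(9) == -1) ? 0 : 1; }
```

Note that the wrapped blob is 8 bytes longer than the key it carries, so a wrapped 16-byte key is 24 bytes and is not even a whole number of AES blocks.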