Closed bocumix closed 5 months ago
Hi @bocumix, I believe the solution to the confusion is found in section 5.2 of the SP800-38F publication:
Within the authenticated-encryption function, the wrapping function is applied to an enlarged
plaintext string to produce the ciphertext. Each key-wrap variant enlarges the plaintext by
prepending a fixed string called the integrity check value (ICV); for KWP-AE, the enlarged
plaintext also includes a 32-bit encoding of the octet length of the plaintext and possibly some
“zero” octets as padding.
The function you're referring to is found within the Unit Test files for the algorithms. The one you referenced is calling an Encrypt function which is just a KeyWrapAes method wrapper for the Wrap method within the KeyWrapBaseAes file.
Hope this helps, and if you have any more questions, please ask! Thanks!
The algorithm given in the NIST 800-38F publication defines the number of iterations as s = 6(n-1) in Section 6.1 -> Algorithm 1 -> step 1a. "n" is defined as the number of semi-blocks for the given input size.
On the contrary, when the code is implemented for the test vectors in "KeyWrapAesTests.cs", the iteration number is defined as: 6 * (((payloadSize + KeyWrapAes.Icv1.BitLength) / 64) - 1), which means the IV length is also added to the computation, which I believe contradicts the definition and generates wrong test vectors.
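An added example, not code from this thread or from the project: a Go sketch of the wrapping function W from SP 800-38F Algorithm 1, applied to the enlarged plaintext ICV1 || P, which returns n and s so they can be compared with the expression quoted from KeyWrapAesTests.cs. The names `wrapKW` and `stepsFromPayloadBits` are hypothetical, and `Icv1.BitLength` is assumed to be 64.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// ICV1 from SP 800-38F: the 64-bit constant prepended to the plaintext for KW.
var icv1 = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// wrapKW computes C = W(ICV1 || P) and reports n and s as Algorithm 1 defines them.
func wrapKW(kek, p []byte) (c []byte, n, s int, err error) {
	if len(p) < 16 || len(p)%8 != 0 {
		return nil, 0, 0, fmt.Errorf("P must be two or more whole semiblocks")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, 0, 0, err
	}
	a := append([]byte{}, icv1...) // A = first semiblock of S (the ICV)
	r := append([]byte{}, p...)    // R2..Rn = remaining semiblocks of S
	n = (len(icv1) + len(p)) / 8   // n counts semiblocks of S, ICV included
	s = 6 * (n - 1)                // step 1a
	buf := make([]byte, 16)
	for t := 1; t <= s; t++ {
		copy(buf, a)
		copy(buf[8:], r[:8])
		block.Encrypt(buf, buf) // CIPH_K(A || R2)
		binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(buf[:8])^uint64(t))
		copy(r, r[8:])              // R_i <- R_{i+1}
		copy(r[len(r)-8:], buf[8:]) // R_n <- LSB64 of the cipher output
	}
	return append(a, r...), n, s, nil
}

// stepsFromPayloadBits mirrors the quoted test expression (ICV bit length assumed 64).
func stepsFromPayloadBits(payloadBits int) int {
	return 6 * (((payloadBits + 64) / 64) - 1)
}

func main() {
	// Test vector from RFC 3394 section 4.1 (128-bit KEK, 128-bit key data).
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	p, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	c, n, s, err := wrapKW(kek, p)
	fmt.Println(hex.EncodeToString(c), n, s, stepsFromPayloadBits(128), err)
}
```

For the 128-bit payload, S has n = 3 semiblocks, so s = 12, which is also what the payload-plus-ICV expression yields.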