Add RFC 3394 keywrap

This is needed for compatibility with OpenSSL's default CMS KDF,
and pretty much nothing else that I could find.

Doc/src/cipher/classic.rst

@@ -374,3 +374,11 @@ A variant of CFB, with two differences:
 
 Like for CTR, an OpenPGP cipher object has a read-only attribute :attr:`iv`.
 
+.. _wrap_mode:
+
+Key Wrap mode
+--------
+The `Key Wrap Algorithm <https://tools.ietf.org/html/rfc4880>`_,
+defined in `NIST SP 800-38F, section 6 <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf>`_.
+It is a historical precursor to SIV mode, allowing securely wrapping multiple
+keys by the same KEK without needing a nonce.

lib/Crypto/Cipher/AES.py

@@ -41,6 +41,7 @@
 MODE_SIV = 10       #: Synthetic Initialization Vector (:ref:`siv_mode`)
 MODE_GCM = 11       #: Galois Counter Mode (:ref:`gcm_mode`)
 MODE_OCB = 12       #: Offset Code Book (:ref:`ocb_mode`)
+MODE_WRAP = 13      #: NIST Key Wrap (:ref:`wrap_mode`)
 
 
 _cproto = """

lib/Crypto/Cipher/__init__.py

@@ -35,14 +35,16 @@
 from Crypto.Cipher._mode_siv import _create_siv_cipher
 from Crypto.Cipher._mode_gcm import _create_gcm_cipher
 from Crypto.Cipher._mode_ocb import _create_ocb_cipher
+from Crypto.Cipher._mode_wrap import _create_wrap_cipher
 
-_modes = { 1:_create_ecb_cipher,
-           2:_create_cbc_cipher,
-           3:_create_cfb_cipher,
-           5:_create_ofb_cipher,
-           6:_create_ctr_cipher,
-           7:_create_openpgp_cipher,
-           9:_create_eax_cipher
+_modes = {  1:_create_ecb_cipher,
+            2:_create_cbc_cipher,
+            3:_create_cfb_cipher,
+            5:_create_ofb_cipher,
+            6:_create_ctr_cipher,
+            7:_create_openpgp_cipher,
+            9:_create_eax_cipher,
+           13:_create_wrap_cipher
            }
 
 _extra_modes = { 8:_create_ccm_cipher,