diff --git a/Doc/src/cipher/classic.rst b/Doc/src/cipher/classic.rst index 79d9e66c..e3a0823c 100644 --- a/Doc/src/cipher/classic.rst +++ b/Doc/src/cipher/classic.rst @@ -374,3 +374,11 @@ A variant of CFB, with two differences: Like for CTR, an OpenPGP cipher object has a read-only attribute :attr:`iv`. +.. _wrap_mode: + +Key Wrap mode +-------- +The `Key Wrap Algorithm `_, +defined in `NIST SP 800-38F, section 6 `_. +It is a historical precursor to SIV mode, allowing securely wrapping multiple +keys by the same KEK without needing a nonce. diff --git a/lib/Crypto/Cipher/AES.py b/lib/Crypto/Cipher/AES.py index 40441f4c..bd0f0408 100644 --- a/lib/Crypto/Cipher/AES.py +++ b/lib/Crypto/Cipher/AES.py @@ -41,6 +41,7 @@ MODE_SIV = 10 #: Synthetic Initialization Vector (:ref:`siv_mode`) MODE_GCM = 11 #: Galois Counter Mode (:ref:`gcm_mode`) MODE_OCB = 12 #: Offset Code Book (:ref:`ocb_mode`) +MODE_WRAP = 13 #: NIST Key Wrap (:ref:`wrap_mode`) _cproto = """ diff --git a/lib/Crypto/Cipher/__init__.py b/lib/Crypto/Cipher/__init__.py index ba2d4855..e111f850 100644 --- a/lib/Crypto/Cipher/__init__.py +++ b/lib/Crypto/Cipher/__init__.py @@ -35,14 +35,16 @@ from Crypto.Cipher._mode_siv import _create_siv_cipher from Crypto.Cipher._mode_gcm import _create_gcm_cipher from Crypto.Cipher._mode_ocb import _create_ocb_cipher +from Crypto.Cipher._mode_wrap import _create_wrap_cipher -_modes = { 1:_create_ecb_cipher, - 2:_create_cbc_cipher, - 3:_create_cfb_cipher, - 5:_create_ofb_cipher, - 6:_create_ctr_cipher, - 7:_create_openpgp_cipher, - 9:_create_eax_cipher +_modes = { 1:_create_ecb_cipher, + 2:_create_cbc_cipher, + 3:_create_cfb_cipher, + 5:_create_ofb_cipher, + 6:_create_ctr_cipher, + 7:_create_openpgp_cipher, + 9:_create_eax_cipher, + 13:_create_wrap_cipher } _extra_modes = { 8:_create_ccm_cipher,