implement AES KW with padding (RFC 5649) (#3880)

* implement AES KW with padding (RFC 5649)

fixes #3791

* oops, 2.2

* make sure this is the right valueerror

* more match

* make key padding easier to read

* review feedback

* review feedback

1 files changed, 39 insertions, 0 deletions

diff --git a/docs/hazmat/primitives/keywrap.rst b/docs/hazmat/primitives/keywrap.rst
index 95cae8d7..1c15f9d1 100644
--- a/docs/hazmat/primitives/keywrap.rst
+++ b/docs/hazmat/primitives/keywrap.rst
@@ -50,6 +50,45 @@ protections offered by key wrapping are also offered by using authenticated
     :raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap: This is
         raised if the key is not successfully unwrapped.
 
+.. function:: aes_key_wrap_with_padding(wrapping_key, key_to_wrap, backend)
+
+    .. versionadded:: 2.2
+
+    This function performs AES key wrap with padding as specified in
+    :rfc:`5649`.
+
+    :param bytes wrapping_key: The wrapping key.
+
+    :param bytes key_to_wrap: The key to wrap.
+
+    :param backend: A
+        :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
+        instance that supports
+        :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
+
+    :return bytes: The wrapped key as bytes.
+
+.. function:: aes_key_unwrap_with_padding(wrapping_key, wrapped_key, backend)
+
+    .. versionadded:: 2.2
+
+    This function performs AES key unwrap with padding as specified in
+    :rfc:`5649`.
+
+    :param bytes wrapping_key: The wrapping key.
+
+    :param bytes wrapped_key: The wrapped key.
+
+    :param backend: A
+        :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
+        instance that supports
+        :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
+
+    :return bytes: The unwrapped key as bytes.
+
+    :raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap: This is
+        raised if the key is not successfully unwrapped.
+
 Exceptions
 ~~~~~~~~~~