Consider additional validation for aes_xts_unwrap_key and add back unwrap_xts_blob_identical_halves_is_rejected test case #224

@kenneth-tucker

A new test case where both key 1 and key 2 are identical in the XTS blob was failing. The aes_xts_unwrap_key function can return successfully, only for the encryption operations to fail when using those keys.

We need to consider if and how this case should be handled in aes_xts_unwrap_key. Do we want to succeed and wait for the encrypt operation to fail, as it is now? Or should we check this case and return an error? One particular difficulty is that we may have to attempt a small encryption operation within aes_xts_unwrap_key in order to detect the issue, which may be more computationally expensive than we want in order to catch this issue earlier.

We should also add back the failing test case, unwrap_xts_blob_identical_halves_is_rejected, which is attached.

See this PR for where we deferred the test and possible fix to this issue:
#217
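
An added example, not code from this issue or from the project: one way to reject identical XTS key halves at unwrap time by comparing them directly. It assumes the unwrapped key bytes are visible to the caller as a single key1 || key2 buffer and that the project is written in Rust; `split_xts_key`, `ct_eq` and `XtsKeyError` are hypothetical names.

```rust
// Added example with hypothetical names; not the project's API.
use std::hint::black_box;

#[derive(Debug, PartialEq, Eq)]
pub enum XtsKeyError {
    /// Combined key is not 32 bytes (AES-128-XTS) or 64 bytes (AES-256-XTS).
    BadLength(usize),
    /// Key 1 and key 2 are the same.
    IdenticalHalves,
}

/// Compare two equal-length slices without an early exit on the first
/// differing byte, so timing does not reveal where the halves diverge.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    debug_assert_eq!(a.len(), b.len());
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y;
    }
    black_box(diff) == 0
}

/// Split an unwrapped XTS key (assumed layout: key1 || key2) into its two
/// halves, returning an error if the halves are identical.
pub fn split_xts_key(key: &[u8]) -> Result<(&[u8], &[u8]), XtsKeyError> {
    if key.len() != 32 && key.len() != 64 {
        return Err(XtsKeyError::BadLength(key.len()));
    }
    let (key1, key2) = key.split_at(key.len() / 2);
    if ct_eq(key1, key2) {
        return Err(XtsKeyError::IdenticalHalves);
    }
    Ok((key1, key2))
}

fn main() {
    // Constructed sample keys, not real key material.
    let identical = [0x11u8; 64];
    let mut distinct = [0x11u8; 64];
    distinct[63] = 0x12;
    println!("{:?}", split_xts_key(&identical).map(|_| ()));
    println!("{:?}", split_xts_key(&distinct).map(|_| ()));
}
```

If the unwrapped key never leaves a hardware boundary, this comparison would have to run on the device side instead.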
