I'm trying to learn how AES-128-CBC encryption works. ... My implementation of key wrapping
Key wrapping is a specific form of encryption. You don't necessarily need key wrapping to encrypt something. Using this RFC to learn about encryption is not the most straightforward way.
Also, the key wrap algorithm from the RFC does not use CBC, so it seems you are confusing or combining two things?
If I encrypt (using the methods and ciphers stated above) a 2 block file (32 bytes) I get a 48 bytes encrypted (3 block???) file. Is this correct?
AES-128 encrypts 16 bytes plaintext into 16 bytes ciphertext, so the length remains the same. However, AES-128 is typically used in a specific mode of operation (such as CBC) or as the building block of another algorithm, such as key wrapping. Typically the encrypted message contains a nonce or initialization vector (IV) to randomize the encryption, and authentication tag to verify the message was not tampered with.
RFC3394 describes the expected length in section 2.2.1:
Inputs: Plaintext, n 64-bit values {P1, P2, ..., Pn}, and
Key, K (the KEK).
Outputs: Ciphertext, (n+1) 64-bit values {C0, C1, ..., Cn}.
The plaintext is n blocks in length, the ciphertext is n+1 blocks in length.
Key wrapping is just encryption of a key
Right, it encrypts one key with another key. It's an algorithm specifically designed to encrypt keys, and not meant for general purpose encrypting.
so half of it needs to be unwrapped in order to decrypt the full 32 bytes (not sure about this though)
This sentence doesn't make sense to me. "Unwrapping the key" means decrypting the ciphertext using the key wrap algorithm. Half-unwrapping is not really a thing.
In layman terms, how does key wrapping work?
Just like any other authenticated encryption, but now the thing that is encrypted is the key. So you would encrypt the data key using the secret key encryption key (KEK). Then later, you would decrypt the ciphertext with the KEK and that returns the data key.
it always seems to have the same length so I'm confused.
I would expect that if you use a longer key, you also get a longer ciphertext. I am not sure what you tried that confuses you.
Why is a6a6a6a6a6a6a6a6 the default IV for AES-128 key wrapping?
This seems to just be a convention without much reason behind it. Normally when encrypting things, you would use a random IV. But because this key wrap algorithm is specific to high-entropic keys, they came up with a different algorithm that uses a fixed IV.
What is a IV mismatch?
You wrap a key using the IV a6a6a6a6a6a6a6a6. Then when unwrapping, it again calculates the used IV. If unwrapping went fine, the IV will be a6a6a6a6a6a6a6a6. If the message was tampered with in the meantime, the IV will be different. So an IV mismatch means that the message was not authentic.
Is SIV (Synthetic Initiation Vector) just a modern implementation of this key wrapping or this something completely different?
SIV is a block cipher mode of operation. A key wrap algorithm has been designed using SIV, and that's described in RFC5297.
If I want to unwrap a AES-128-CBC key wrapping I need at least 3n of bytes, where n= 8 bytes, why?
I'm not sure about this.
Why when I try to decrypt a lightly modified version of my program literally half (the second half, so 16/32 bytes) of the plaintext gets revealed?
Is this using CBC mode? You probably edited one block in the ciphertext, with scrambled one block in the output. Since each block is encrypted seperately, it's possible that other blocks still decrypt correctly. I've written more about that in bitflip effect on encryption operation modes.
