Skip to content

Aes key wrap with padding #10718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
night1rider wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Aes key wrap with padding #10718

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/workflows/os-check.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
name: Ubuntu-Macos-Windows Tests

# START OF COMMON SECTION
Expand Down Expand Up @@ -288,6 +288,12 @@
"configure": ["--disable-sni", "--disable-ecc", "--disable-tls13",
"--disable-secure-renegotiation-info"]},
{"name": "default", "minutes": 1.6},
{"name": "aeskeywrap-padding", "minutes": 1.6,
"comment": "RFC 5649 AES key wrap with padding; exercises the =padding sub-option (not pulled in by --enable-all).",
"configure": ["--enable-aeskeywrap=padding"]},
{"name": "aeskeywrap-padding-cryptocb", "minutes": 1.6,
"comment": "Key wrap (RFC 3394 + RFC 5649) over WOLF_CRYPTO_CB device offload; runs test_wc_CryptoCb_AesKeyWrap.",
"configure": ["--enable-cryptocb", "--enable-aeskeywrap=padding"]},
{"name": "no-client-no-client-auth", "minutes": 1.6,
"configure": ["CPPFLAGS=-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH"]},
{"name": "ascon-experimental", "minutes": 1.6,
Expand Down
27 changes: 26 additions & 1 deletion configure.ac
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6287,12 +6287,31 @@ AC_ARG_ENABLE([entropy-memuse],
)

# AES key wrap
# Accepts a comma-separated value list; "padding" adds RFC 5649 key wrap with
# padding on top of the base RFC 3394 key wrap.
AC_ARG_ENABLE([aeskeywrap],
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support, optionally with RFC 5649 padding via "=padding" (default: disabled)])],
[ ENABLED_AESKEYWRAP=$enableval ],
[ ENABLED_AESKEYWRAP=no ]
)

ENABLED_AESKEYWRAP_PADDING=no
for v in `echo $ENABLED_AESKEYWRAP | tr "," " "`
do
case $v in
yes | no)
;;
padding)
# padding (RFC 5649) builds on the base key wrap support
ENABLED_AESKEYWRAP_PADDING=yes
ENABLED_AESKEYWRAP=yes
;;
*)
AC_MSG_ERROR([Invalid aeskeywrap option. Valid are: yes, no, padding. Seen: $ENABLED_AESKEYWRAP.])
;;
esac
done

# FIPS feature and macro setup

AS_CASE([$FIPS_VERSION],
Expand Down Expand Up @@ -10881,6 +10900,11 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi

if test "$ENABLED_AESKEYWRAP_PADDING" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_KEYWRAP_PADDING"
fi


# Old name support for backwards compatibility
AC_ARG_ENABLE([oldnames],
Expand Down Expand Up @@ -12789,6 +12813,7 @@ echo " * AES-SIV: $ENABLED_AESSIV"
echo " * AES-EAX: $ENABLED_AESEAX"
echo " * AES Bitspliced: $ENABLED_AESBS"
echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
echo " * AES Key Wrap Padding: $ENABLED_AESKEYWRAP_PADDING"
echo " * ARIA: $ENABLED_ARIA"
echo " * ASCON: $ENABLED_ASCON"
echo " * DES3: $ENABLED_DES3"
Expand Down
3 changes: 3 additions & 0 deletions tests/api.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34634,6 +34634,9 @@ TEST_CASE testCases[] = {
#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128)
TEST_AES_SIV_DECLS,
#endif /* WOLFSSL_AES_SIV && WOLFSSL_AES_128 */
#if defined(HAVE_AES_KEYWRAP) && defined(WOLFSSL_AES_KEYWRAP_PADDING)
TEST_AES_KEYWRAP_DECLS,
#endif /* HAVE_AES_KEYWRAP && WOLFSSL_AES_KEYWRAP_PADDING */
TEST_GMAC_DECLS,
/* Ascon */
TEST_ASCON_DECLS,
Expand Down
Loading
Loading