Merge remote-tracking branch 'tls/development' into development

Merge Mbed TLS at f790a6cbee into Mbed Crypto. Resolve conflicts by performing the following: - Reject changes to README.md - Don't add crypto as a submodule - Remove test/ssl_cert_test from programs/Makefile - Add cipher.nist_kw test to tests/CMakeLists.txt - Reject removal of crypto-specific all.sh tests - Reject update to SSL-specific portion of component_test_valgrind in all.sh - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in all.sh * tls/development: (87 commits) Call mbedtls_cipher_free() to reset a cipher context Don't call mbedtls_cipher_setkey twice Update crypto submodule Minor fixes in get certificate policies oid test Add certificate policy oid x509 extension cpp_dummy_build: Add missing header psa_util.h Clarify comment mangled by an earlier refactoring Add an "out-of-box" component Run ssl-opt.sh on 32-bit runtime Don't use debug level 1 for informational messages Skip uncritical unsupported extensions Give credit to OSS-Fuzz for #2404 all.sh: remove component_test_new_ecdh_context Remove crypto-only related components from all.sh Remove ssl_cert_test sample app Make CRT callback tests more robust Rename constant in client2.c Document and test flags in x509_verify Fix style issues and a typo Fix a rebase error ...
2025-07-28 00:21:48 +03:00 · 2019-04-17 12:12:24 +01:00
parent 125a1e980e f790a6cbee
commit 521dbc67da
46 changed files with 1558 additions and 1189 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@ -63,6 +63,10 @@
 #include "mbedtls/psa_util.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

+#if defined(MBEDTLS_NIST_KW_C)
+#include "mbedtls/nist_kw.h"
+#endif
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@ -1385,6 +1389,22 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
                                ilen, iv, ad, ad_len, input, output, tag ) );
    }
 #endif /* MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_NIST_KW_C)
+   if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+       MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
+    {
+        mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
+                                        MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+
+        /* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
+        if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
+        {
+            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        }
+
+        return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
+    }
+#endif /* MBEDTLS_NIST_KW_C */

    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
 }
@ -1494,6 +1514,22 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
        return( ret );
    }
 #endif /* MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_NIST_KW_C)
+    if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
+    {
+        mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
+                                        MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+
+        /* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
+        if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
+        {
+            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        }
+
+        return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
+    }
+#endif /* MBEDTLS_NIST_KW_C */

    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
 }