Aes key wrap with padding

.github/workflows/cryptocb-only.yml

@@ -1,3 +1,3 @@
 name: cryptocb-only Tests
 
 # START OF COMMON SECTION
@@ -162,11 +162,11 @@
             "--enable-tls13",
             "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA512 -DWOLFSSL_SWDEV_SHA512_GENERAL_ONLY"]},
           {"name": "aes", "minutes": 2,
-           "comment": "WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the software path via cryptocb.",
+           "comment": "WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the software path via cryptocb. aeskeywrap=padding covers RFC 3394 + RFC 5649 key wrap via swdev_aes_keywrap.",
            "configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
             "--enable-rsa", "--enable-dh", "--enable-aesgcm",
             "--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
-            "--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
+            "--enable-aeskeywrap=padding", "--enable-aessiv", "--enable-aesofb",
             "--enable-aesxts", "--enable-camellia", "--enable-chacha",
             "--enable-poly1305", "--enable-sha", "--enable-sha3",
             "--enable-shake128", "--enable-shake256", "--enable-blake2",
@@ -181,11 +181,11 @@
             "--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
             "--enable-tls13", "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_AES"]},
           {"name": "aes-gcm-via-ecb", "minutes": 2,
-           "comment": "Same as aes but tells swdev to refuse AES-GCM (SWDEV_AES_ONLYECB). That forces the parent's CB_ONLY_AES host-side GCM software path: GHASH runs on the host while AES-CTR blocks dispatch back through cryptocb ECB. The aes entry instead has swdev handle GCM end-to-end, so the host-side GCM path is otherwise uncovered.",
+           "comment": "Same as aes but tells swdev to refuse AES-GCM (SWDEV_AES_ONLYECB). That forces the parent's CB_ONLY_AES host-side GCM software path: GHASH runs on the host while AES-CTR blocks dispatch back through cryptocb ECB. The aes entry instead has swdev handle GCM end-to-end, so the host-side GCM path is otherwise uncovered. swdev also refuses key wrap here, so RFC 3394 + RFC 5649 key wrap composes from cryptocb ECB on the host.",
            "configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
             "--enable-rsa", "--enable-dh", "--enable-aesgcm",
             "--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
-            "--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
+            "--enable-aeskeywrap=padding", "--enable-aessiv", "--enable-aesofb",
             "--enable-aesxts", "--enable-camellia", "--enable-chacha",
             "--enable-poly1305", "--enable-sha", "--enable-sha3",
             "--enable-shake128", "--enable-shake256", "--enable-blake2",

.github/workflows/os-check.yml

@@ -1,3 +1,3 @@
 name: Ubuntu-Macos-Windows Tests
 
 # START OF COMMON SECTION
@@ -288,6 +288,12 @@
            "configure": ["--disable-sni", "--disable-ecc", "--disable-tls13",
             "--disable-secure-renegotiation-info"]},
           {"name": "default", "minutes": 1.6},
+          {"name": "aeskeywrap-padding", "minutes": 1.6,
+           "comment": "RFC 5649 AES key wrap with padding; exercises the =padding sub-option (not pulled in by --enable-all).",
+           "configure": ["--enable-aeskeywrap=padding"]},
+          {"name": "aeskeywrap-padding-cryptocb", "minutes": 1.6,
+           "comment": "Key wrap (RFC 3394 + RFC 5649) over WOLF_CRYPTO_CB device offload; runs test_wc_CryptoCb_AesKeyWrap.",
+           "configure": ["--enable-cryptocb", "--enable-aeskeywrap=padding"]},
           {"name": "no-client-no-client-auth", "minutes": 1.6,
            "configure": ["CPPFLAGS=-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH"]},
           {"name": "ascon-experimental", "minutes": 1.6,

configure.ac

@@ -6287,12 +6287,31 @@ AC_ARG_ENABLE([entropy-memuse],
     )
 
 # AES key wrap
+# Accepts a comma-separated value list; "padding" adds RFC 5649 key wrap with
+# padding on top of the base RFC 3394 key wrap.
 AC_ARG_ENABLE([aeskeywrap],
-    [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
+    [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support, optionally with RFC 5649 padding via "=padding" (default: disabled)])],
     [ ENABLED_AESKEYWRAP=$enableval ],
     [ ENABLED_AESKEYWRAP=no ]
     )
 
+ENABLED_AESKEYWRAP_PADDING=no
+for v in `echo $ENABLED_AESKEYWRAP | tr "," " "`
+do
+    case $v in
+    yes | no)
+        ;;
+    padding)
+        # padding (RFC 5649) builds on the base key wrap support
+        ENABLED_AESKEYWRAP_PADDING=yes
+        ENABLED_AESKEYWRAP=yes
+        ;;
+    *)
+        AC_MSG_ERROR([Invalid aeskeywrap option. Valid are: yes, no, padding. Seen: $ENABLED_AESKEYWRAP.])
+        ;;
+    esac
+done
+
 # FIPS feature and macro setup
 
 AS_CASE([$FIPS_VERSION],
@@ -10881,6 +10900,11 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
 fi
 
+if test "$ENABLED_AESKEYWRAP_PADDING" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_KEYWRAP_PADDING"
+fi
+
 
 # Old name support for backwards compatibility
 AC_ARG_ENABLE([oldnames],
@@ -12789,6 +12813,7 @@ echo "   * AES-SIV:                    $ENABLED_AESSIV"
 echo "   * AES-EAX:                    $ENABLED_AESEAX"
 echo "   * AES Bitspliced:             $ENABLED_AESBS"
 echo "   * AES Key Wrap:               $ENABLED_AESKEYWRAP"
+echo "   * AES Key Wrap Padding:       $ENABLED_AESKEYWRAP_PADDING"
 echo "   * ARIA:                       $ENABLED_ARIA"
 echo "   * ASCON:                      $ENABLED_ASCON"
 echo "   * DES3:                       $ENABLED_DES3"

tests/api.c

@@ -34868,6 +34868,9 @@ TEST_CASE testCases[] = {
 #if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128)
     TEST_AES_SIV_DECLS,
 #endif /* WOLFSSL_AES_SIV && WOLFSSL_AES_128 */
+#if defined(HAVE_AES_KEYWRAP) && defined(WOLFSSL_AES_KEYWRAP_PADDING)
+    TEST_AES_KEYWRAP_DECLS,
+#endif /* HAVE_AES_KEYWRAP && WOLFSSL_AES_KEYWRAP_PADDING */
     TEST_GMAC_DECLS,
     /* Ascon */
     TEST_ASCON_DECLS,