Skip to content

Mbedtls aes keyid alt #3335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ThePassionate wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Mbedtls aes keyid alt #3335

ThePassionate wants to merge 2 commits into from
+351 −1

Conversation

@ThePassionate
Copy link
Contributor

@ThePassionate ThePassionate commented Jan 16, 2026

Mbedtls AES Key ID Support

Summary

This PR adds comprehensive support for AES encryption with key identifiers in the mbedtls alternative implementation and integrates the necessary patches for cipher wrapper functionality. This enhancement enables more flexible and secure key management in cryptographic operations:

  1. AES-ALT Key ID Support: Add support for setting AES encryption keys using key identifiers instead of raw key data in the mbedtls alternative implementation. This includes functions for 128/192/256-bit key sizes in both encryption and decryption modes.

  2. MBEDTLS Cipher-Wrap Integration: Add patch file and build system configuration to support AES cipher wrapping with key ID functionality in the mbedtls third-party library, automatically applied during build process.

These changes improve the flexibility and security of cryptographic key management across different deployment scenarios.

Impact

Security: Improves key management by allowing cryptographic keys to be referenced by ID rather than embedding raw key data
Flexibility: Enables applications to use both direct key data and key ID-based approaches seamlessly
Integration: Ensures proper integration with upstream mbedtls library through automated patch application
Compatibility: All changes are backward compatible with existing AES operations
No breaking changes: Existing code continues to work without modification

Testing

Test Environment:

  • Host: Linux x86_64
  • Configuration: MBEDTLS with AES-ALT enabled
  • Build System: CMake and Makefile

Test Procedure:

  1. Build NuttX with MBEDTLS and AES-ALT enabled
  2. Verify AES key setup with key identifiers
  3. Test multiple key sizes (128/192/256-bit)
  4. Validate cipher modes (ECB/CBC) with key ID operations
  5. Confirm patch application in both CMake and Makefile builds

Test Results:

  • ✅ AES key ID setkey functions work correctly
  • ✅ Support for 128/192/256-bit key sizes verified
  • ✅ Both encryption and decryption operations functional
  • ✅ Patch files apply cleanly with both build systems
  • ✅ Backward compatibility maintained
  • ✅ No regressions in existing tests

@ThePassionate
crypto/mbedtls: add AES key ID support in AES-ALT
c7708ff 
Add support for AES encryption key setup using key identifiers in the mbedtls alternative implementation, including functions for 128/192/256-bit key sizes in both encryption and decryption modes.

Signed-off-by: makejian <makejian@xiaomi.com>
@ThePassionate
crypto/mbedtls: add patch for mbedtls cipher-wrap with key ID support
ecd5fc5 
Add patch file and build system integration (CMakeLists.txt and Makefile) to support AES cipher wrapping with key ID functionality in the mbedtls third-party library.

Signed-off-by: makejian <makejian@xiaomi.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Area: Crypto Size: M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ThePassionate