ThePassionate opened a new pull request, #3335: URL: https://github.com/apache/nuttx-apps/pull/3335
# Mbedtls AES Key ID Support ## Summary This PR adds comprehensive support for AES encryption with key identifiers in the mbedtls alternative implementation and integrates the necessary patches for cipher wrapper functionality. This enhancement enables more flexible and secure key management in cryptographic operations: 1. **AES-ALT Key ID Support**: Add support for setting AES encryption keys using key identifiers instead of raw key data in the mbedtls alternative implementation. This includes functions for 128/192/256-bit key sizes in both encryption and decryption modes. 2. **MBEDTLS Cipher-Wrap Integration**: Add patch file and build system configuration to support AES cipher wrapping with key ID functionality in the mbedtls third-party library, automatically applied during build process. These changes improve the flexibility and security of cryptographic key management across different deployment scenarios. ## Impact • **Security**: Improves key management by allowing cryptographic keys to be referenced by ID rather than embedding raw key data • **Flexibility**: Enables applications to use both direct key data and key ID-based approaches seamlessly • **Integration**: Ensures proper integration with upstream mbedtls library through automated patch application • **Compatibility**: All changes are backward compatible with existing AES operations • **No breaking changes**: Existing code continues to work without modification ## Testing **Test Environment:** - Host: Linux x86_64 - Configuration: MBEDTLS with AES-ALT enabled - Build System: CMake and Makefile **Test Procedure:** 1. Build NuttX with MBEDTLS and AES-ALT enabled 2. Verify AES key setup with key identifiers 3. Test multiple key sizes (128/192/256-bit) 4. Validate cipher modes (ECB/CBC) with key ID operations 5. Confirm patch application in both CMake and Makefile builds **Test Results:** - ✅ AES key ID setkey functions work correctly - ✅ Support for 128/192/256-bit key sizes verified - ✅ Both encryption and decryption operations functional - ✅ Patch files apply cleanly with both build systems - ✅ Backward compatibility maintained - ✅ No regressions in existing tests -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
