Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .github/workflows/os-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -266,6 +266,21 @@ jobs:
{"name": "cryptocb-aesgcm-setkey-free", "minutes": 2.1,
"configure": ["--enable-cryptocb", "--enable-aesgcm",
"CPPFLAGS=-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"]},
{"name": "ecies-sec1-gcm-static-nonce", "minutes": 2.0,
"comment": "ECIES with the AES-GCM DEM in the default SEC1 IV mode; WOLFSSL_ECIES_STATIC_GCM_NONCE opts into the fixed-nonce GCM path so the GCM KAT/round-trip and cryptocb tests run.",
"configure": ["--enable-eccencrypt", "--enable-aesgcm", "--enable-aesctr",
"--enable-x963kdf", "--enable-cryptocb", "--enable-keygen",
"CPPFLAGS=-DWOLFSSL_ECIES_STATIC_GCM_NONCE"]},
{"name": "ecies-geniv-gcm-static-nonce", "minutes": 2.0,
"comment": "Same ECIES-GCM coverage in the WOLFSSL_ECIES_GEN_IV mode (random embedded nonce).",
"configure": ["--enable-eccencrypt=geniv", "--enable-aesgcm", "--enable-aesctr",
"--enable-x963kdf", "--enable-cryptocb", "--enable-keygen",
"CPPFLAGS=-DWOLFSSL_ECIES_STATIC_GCM_NONCE"]},
{"name": "ecies-old-gcm-static-nonce", "minutes": 2.0,
"comment": "Same ECIES-GCM coverage in the legacy WOLFSSL_ECIES_OLD mode (KDF-derived nonce, no ephemeral pubkey prepended).",
"configure": ["--enable-eccencrypt=old", "--enable-aesgcm", "--enable-aesctr",
"--enable-x963kdf", "--enable-cryptocb", "--enable-keygen",
"CPPFLAGS=-DWOLFSSL_ECIES_STATIC_GCM_NONCE"]},
{"name": "opensslextra-x509small", "minutes": 2.0,
"configure": ["--enable-opensslextra=x509small"]},
{"name": "cryptocb-keygen-find", "minutes": 2.0,
Expand Down
26 changes: 26 additions & 0 deletions doc/dox_comments/header_files/ecc.h
Original file line number Diff line number Diff line change
Expand Up @@ -2025,6 +2025,11 @@ int wc_ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz);
\param ctx Optional: pointer to an ecEncCtx object specifying different
encryption algorithms to use

\note Selecting an AES-GCM DEM algorithm (ecAES_128_GCM, ecAES_256_GCM) in
the default IV mode requires the WOLFSSL_ECIES_STATIC_GCM_NONCE build macro;
otherwise this function returns NOT_COMPILED_IN. See wc_ecc_encrypt_ex for
the full rationale.

_Example_
\code
byte msg[] = { initialize with msg to encrypt. Ensure padded to block size };
Expand Down Expand Up @@ -2072,6 +2077,9 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
small to store the encrypted ciphertext
\return MEMORY_E Returned if there is an error allocating memory
for the shared secret key
\return NOT_COMPILED_IN Returned if an AES-GCM DEM algorithm
(ecAES_128_GCM or ecAES_256_GCM) is requested in the default IV mode
without the WOLFSSL_ECIES_STATIC_GCM_NONCE build macro defined

\param privKey pointer to the ecc_key object containing the
private key to use for encryption
Expand All @@ -2088,6 +2096,16 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
encryption algorithms to use
\param compressed Public key field is to be output in compressed format.

\note The AES-GCM DEM algorithms (ecAES_128_GCM, ecAES_256_GCM) in the
default IV mode use a fixed all-zero GCM nonce. That is safe only because
ECIES derives a fresh symmetric key from a fresh ephemeral key on every
encryption, so the (key, nonce) pair never repeats; reusing the ephemeral
key is catastrophic for AES-GCM. For that reason the fixed-nonce GCM DEM is
off by default and must be enabled with the WOLFSSL_ECIES_STATIC_GCM_NONCE
build macro, otherwise this function returns NOT_COMPILED_IN for a GCM
algorithm. The macro is not needed with WOLFSSL_ECIES_GEN_IV (random
per-message nonce) or WOLFSSL_ECIES_OLD (nonce derived from the KDF output).

_Example_
\code
byte msg[] = { initialize with msg to encrypt. Ensure padded to block size };
Expand Down Expand Up @@ -2136,6 +2154,9 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
small to store the decrypted plaintext
\return MEMORY_E Returned if there is an error allocating memory
for the shared secret key
\return NOT_COMPILED_IN Returned if an AES-GCM DEM algorithm
(ecAES_128_GCM or ecAES_256_GCM) is requested in the default IV mode
without the WOLFSSL_ECIES_STATIC_GCM_NONCE build macro defined

\param privKey pointer to the ecc_key object containing the private
key to use for decryption
Expand All @@ -2150,6 +2171,11 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
\param ctx Optional: pointer to an ecEncCtx object specifying
different decryption algorithms to use

\note Selecting an AES-GCM DEM algorithm (ecAES_128_GCM, ecAES_256_GCM) in
the default IV mode requires the WOLFSSL_ECIES_STATIC_GCM_NONCE build macro;
otherwise this function returns NOT_COMPILED_IN. See wc_ecc_encrypt_ex for
the full rationale.

_Example_
\code
byte cipher[] = { initialize with
Expand Down
Loading
Loading