From 0fa65aabf0a6a30f7fa06e847d52d81fe8531625 Mon Sep 17 00:00:00 2001
From: Arto Kinnunen
Date: Mon, 21 Oct 2019 14:43:37 +0300
Subject: [PATCH] Review corrections
-Guard additional static variables with AES_ONLY_ENCRYPT
-Update config.h description about memory savings
-Update test: fix typo in all.sh and adjust compiler flags
---
 include/mbedtls/config.h | 5 ++++-
 library/aes.c | 10 +++++++++-
 tests/scripts/all.sh | 4 ++--
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 317ff3b2f..87012dab5 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -622,7 +622,10 @@
 *
 * Uncommenting this macro removes support for AES decryption.
 *
- * Tradeoff: Uncommenting this macro reduces ROM footprint by ~2.5 kB.
+ * Tradeoff: Uncommenting this macro reduces the footprint. For
+ * example, when both MBEDTLS_AES_ROM_TABLES and
+ * MBEDTLS_AES_FEWER_TABLES are enabled, enabling this macro
+ * further reduces the ROM footprint by ~2.5kB.
 *
 * Module: library/aes.c
 *
diff --git a/library/aes.c b/library/aes.c
index 8ce31cf26..97d9e2543 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -337,7 +337,6 @@ static const unsigned char RSb[256] =
 #define V(a,b,c,d) 0x##a##b##c##d
 static const uint32_t RT0[256] = { RT };
 #undef V
-#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
@@ -354,6 +353,7 @@ static const uint32_t RT3[256] = { RT };
 #undef V
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
 #undef RT
@@ -383,6 +383,7 @@ static uint32_t FT3[256];
 /*
 * Reverse S-box & tables
 */
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
 static unsigned char RSb[256];
 static uint32_t RT0[256];
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
@@ -390,6 +391,7 @@ static uint32_t RT1[256];
 static uint32_t RT2[256];
 static uint32_t RT3[256];
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
 /*
 * Round constants
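Review bot: The reworded Tradeoff paragraph in the include/mbedtls/config.h hunk quantifies the ROM saving, but the option text still tells an integrator only that decryption support is removed, not what that means for the cipher modes they have enabled. Modes that run AES only in the forward direction are unaffected in principle, while anything that needs the inverse cipher stops working, so a line such as ` * Warning: operations that need the AES inverse cipher (for example CBC or ECB decryption) are unavailable when this macro is set.` would help avoid a build that lacks an operation the application relies on. How a decrypt request fails in such a build is not visible in the hunk and should be confirmed before it is written down. The surrounding comment block starts and ends outside the hunk.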
@@ -434,7 +436,9 @@ static void aes_gen_tables( void )
 * generate the forward and reverse S-boxes
 */
 FSb[0x00] = 0x63;
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
 RSb[0x63] = 0x00;
+#endif
 for( i = 1; i < 256; i++ )
 {
@@ -447,7 +451,9 @@ static void aes_gen_tables( void )
 x ^= y ^ 0x63;
 FSb[i] = (unsigned char) x;
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
 RSb[x] = (unsigned char) i;
+#endif
 }
 /*
@@ -470,6 +476,7 @@ static void aes_gen_tables( void )
 FT3[i] = ROTL8( FT2[i] );
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
 x = RSb[i];
 RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^
@@ -482,6 +489,7 @@ static void aes_gen_tables( void )
 RT2[i] = ROTL8( RT1[i] );
 RT3[i] = ROTL8( RT2[i] );
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
 }
 }
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 90dfea5fb..b82011524 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1278,9 +1278,9 @@ component_test_aes_only_128_bit_keys () {
 component_test_aes_only_encrypt () {
 msg "build: default config with MBEDTLS_AES_ONLY_ENCRYPT enabled"
 scripts/config.pl set MBEDTLS_AES_ONLY_ENCRYPT
- make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+ make CC=gcc CFLAGS='-Werror -O1'
- msg "test: AES_ONLY_128_BIT_KEY_LENGTH"
+ msg "test: AES_ONLY_ENCRYPT"
 make test
 }
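Review bot: The two short guards added around `RSb[0x63] = 0x00;` and, in the next hunk, `RSb[x] = (unsigned char) i;` close with a bare `#endif`, while the guards added further down in aes_gen_tables and around the table declarations name the macro they close. Because MBEDTLS_AES_FEWER_TABLES conditionals are nested in the same function, writing `#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */` here too keeps it clear which condition each line ends, which matters when the guards decide whether cipher tables are initialised at all. aes_gen_tables begins outside these hunks, so the declarations of the locals it uses are not visible here.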
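Review bot: Dropping `-Wall -Wextra` from the `make` line in component_test_aes_only_encrypt means `-Werror` only promotes the compiler's default warnings, so an unused static table left unguarded in an encrypt-only build (the class of problem this commit fixes in library/aes.c) would stop failing this component unless the Makefiles add their own warning set independently of CFLAGS. If they do, a comment such as `# warning flags come from the Makefile; CFLAGS only sets the optimisation level` would make that explicit; otherwise keep them with `make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'`. The component also builds only the default configuration, so the guards moved in the ROM-table branch of aes.c are presumably not compiled by it. A second build with MBEDTLS_AES_ROM_TABLES and MBEDTLS_AES_FEWER_TABLES set, the combination the config.h text now cites, would cover them.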