Add config option for AES encryption only

-Add config option for AES encyption only to config.h. Feature is
 disabled by default.
-Enable AES encrypt only feature in baremetal.h configuration
-Remove AES encypt only feature from full config
This commit is contained in:
Arto Kinnunen 2019-10-16 13:43:59 +03:00
parent 366c13eaad
commit 1480444e8e
6 changed files with 56 additions and 0 deletions

View file

@ -40,6 +40,7 @@
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_AES_FEWER_TABLES
#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
#define MBEDTLS_AES_ONLY_ENCRYPT
#define MBEDTLS_CCM_C
/* Asymmetric crypto: Single-curve ECC only. */

View file

@ -615,6 +615,22 @@
*/
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
/**
* \def MBEDTLS_AES_ONLY_ENCRYPT
*
* Use only AES encryption, decryption is not possible.
*
* Uncommenting this macro removes support for AES decryption.
*
* Tradeoff: Uncommenting this macro reduces ROM footprint by ~2.5 kB.
*
* Module: library/aes.c
*
* Requires: MBEDTLS_AES_C
*
*/
//#define MBEDTLS_AES_ONLY_ENCRYPT
/**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
*

View file

@ -222,6 +222,7 @@ static const uint32_t FT3[256] = { FT };
#undef FT
#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
/*
* Reverse S-box
*/
@ -260,6 +261,7 @@ static const unsigned char RSb[256] =
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
};
#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
/*
* Reverse tables
@ -331,9 +333,11 @@ static const unsigned char RSb[256] =
V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
#define V(a,b,c,d) 0x##a##b##c##d
static const uint32_t RT0[256] = { RT };
#undef V
#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
#if !defined(MBEDTLS_AES_FEWER_TABLES)
@ -675,6 +679,13 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits )
{
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
(void) ctx;
(void) key;
(void) keybits;
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
#else /* */
int i, j, ret;
mbedtls_aes_context cty;
uint32_t *RK;
@ -737,6 +748,7 @@ exit:
mbedtls_aes_free( &cty );
return( ret );
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
}
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@ -937,7 +949,9 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
/*
* AES-ECB block decryption
*/
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
@ -991,6 +1005,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
return( 0 );
}
#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -998,7 +1013,13 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
(void) ctx;
(void) input;
(void) output;
#else /* MBEDTLS_AES_ONLY_ENCRYPT */
mbedtls_internal_aes_decrypt( ctx, input, output );
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@ -1015,6 +1036,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
AES_VALIDATE_RET( output != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
(void) mode;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@ -1032,11 +1054,15 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
//
}
#endif
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
#else /* MBEDTLS_AES_ONLY_ENCRYPT */
if( mode == MBEDTLS_AES_ENCRYPT )
return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
else
return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)

View file

@ -267,6 +267,9 @@ static const char *features[] = {
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
"MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH",
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
"MBEDTLS_AES_ONLY_ENCRYPT",
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
"MBEDTLS_CAMELLIA_SMALL_MEMORY",
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

View file

@ -754,6 +754,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
if( strcmp( "MBEDTLS_AES_ONLY_ENCRYPT", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_ENCRYPT );
return( 0 );
}
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
{

View file

@ -52,6 +52,7 @@
# MBEDTLS_NO_UDBL_DIVISION
# MBEDTLS_NO_64BIT_MULTIPLICATION
# MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
# MBEDTLS_AES_ONLY_ENCRYPT
# and any symbol beginning _ALT
#
@ -128,6 +129,7 @@ MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_USE_TINYCRYPT
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
MBEDTLS_AES_ONLY_ENCRYPT
_ALT\s*$
);