mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-10 20:25:47 +00:00
Add config option for AES encryption only
-Add config option for AES encyption only to config.h. Feature is disabled by default. -Enable AES encrypt only feature in baremetal.h configuration -Remove AES encypt only feature from full config
This commit is contained in:
parent
366c13eaad
commit
1480444e8e
|
@ -40,6 +40,7 @@
|
|||
#define MBEDTLS_AES_ROM_TABLES
|
||||
#define MBEDTLS_AES_FEWER_TABLES
|
||||
#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
#define MBEDTLS_AES_ONLY_ENCRYPT
|
||||
#define MBEDTLS_CCM_C
|
||||
|
||||
/* Asymmetric crypto: Single-curve ECC only. */
|
||||
|
|
|
@ -615,6 +615,22 @@
|
|||
*/
|
||||
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_AES_ONLY_ENCRYPT
|
||||
*
|
||||
* Use only AES encryption, decryption is not possible.
|
||||
*
|
||||
* Uncommenting this macro removes support for AES decryption.
|
||||
*
|
||||
* Tradeoff: Uncommenting this macro reduces ROM footprint by ~2.5 kB.
|
||||
*
|
||||
* Module: library/aes.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_ONLY_ENCRYPT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
|
||||
*
|
||||
|
|
|
@ -222,6 +222,7 @@ static const uint32_t FT3[256] = { FT };
|
|||
|
||||
#undef FT
|
||||
|
||||
#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
/*
|
||||
* Reverse S-box
|
||||
*/
|
||||
|
@ -260,6 +261,7 @@ static const unsigned char RSb[256] =
|
|||
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
|
||||
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
|
||||
};
|
||||
#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
|
||||
/*
|
||||
* Reverse tables
|
||||
|
@ -331,9 +333,11 @@ static const unsigned char RSb[256] =
|
|||
V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
|
||||
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
|
||||
|
||||
#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
#define V(a,b,c,d) 0x##a##b##c##d
|
||||
static const uint32_t RT0[256] = { RT };
|
||||
#undef V
|
||||
#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
|
@ -675,6 +679,13 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
(void) ctx;
|
||||
(void) key;
|
||||
(void) keybits;
|
||||
|
||||
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
|
||||
#else /* */
|
||||
int i, j, ret;
|
||||
mbedtls_aes_context cty;
|
||||
uint32_t *RK;
|
||||
|
@ -737,6 +748,7 @@ exit:
|
|||
mbedtls_aes_free( &cty );
|
||||
|
||||
return( ret );
|
||||
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
|
@ -937,7 +949,9 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
/*
|
||||
* AES-ECB block decryption
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
|
||||
#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
|
@ -991,6 +1005,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
@ -998,7 +1013,13 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
(void) ctx;
|
||||
(void) input;
|
||||
(void) output;
|
||||
#else /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
mbedtls_internal_aes_decrypt( ctx, input, output );
|
||||
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
|
@ -1015,6 +1036,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
AES_VALIDATE_RET( output != NULL );
|
||||
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
|
||||
mode == MBEDTLS_AES_DECRYPT );
|
||||
(void) mode;
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
|
||||
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
|
||||
|
@ -1032,11 +1054,15 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
//
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
|
||||
#else /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
|
||||
if( mode == MBEDTLS_AES_ENCRYPT )
|
||||
return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
|
||||
else
|
||||
return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
|
||||
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
|
|
@ -267,6 +267,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
"MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH",
|
||||
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
"MBEDTLS_AES_ONLY_ENCRYPT",
|
||||
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
|
||||
"MBEDTLS_CAMELLIA_SMALL_MEMORY",
|
||||
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
|
||||
|
|
|
@ -754,6 +754,14 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
|
||||
if( strcmp( "MBEDTLS_AES_ONLY_ENCRYPT", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_ENCRYPT );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
|
||||
if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
|
||||
{
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
# MBEDTLS_NO_UDBL_DIVISION
|
||||
# MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
# MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
# MBEDTLS_AES_ONLY_ENCRYPT
|
||||
# and any symbol beginning _ALT
|
||||
#
|
||||
|
||||
|
@ -128,6 +129,7 @@ MBEDTLS_NO_UDBL_DIVISION
|
|||
MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
MBEDTLS_USE_TINYCRYPT
|
||||
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
MBEDTLS_AES_ONLY_ENCRYPT
|
||||
_ALT\s*$
|
||||
);
|
||||
|
||||
|
|
Loading…
Reference in a new issue