mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:05:35 +00:00
AES: add config option for 128-bit keys
Add configuration options to support only 128-bit key lengths in AES calculation.
This commit is contained in:
parent
e2bf54d3d1
commit
77b9cfcea9
|
@ -39,6 +39,7 @@
|
|||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_AES_ROM_TABLES
|
||||
#define MBEDTLS_AES_FEWER_TABLES
|
||||
#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
#define MBEDTLS_CCM_C
|
||||
|
||||
/* Asymmetric crypto: Single-curve ECC only. */
|
||||
|
|
|
@ -3863,6 +3863,25 @@
|
|||
|
||||
/* \} SECTION: Compile-time SSL configuration */
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
*
|
||||
* Use only 128-bit keys in AES operations.
|
||||
*
|
||||
* Uncommenting this macro removes support for AES operations that are using 192
|
||||
* or 256-bit keys.
|
||||
*
|
||||
* Tradeoff: Uncommenting this macro reduces ROM footprint by ~200 bytes.
|
||||
*
|
||||
* If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
||||
*
|
||||
* Module: library/aes.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
|
||||
/* Target and application specific configurations
|
||||
*
|
||||
* Allow user to override any previous default.
|
||||
|
|
|
@ -565,8 +565,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
switch( keybits )
|
||||
{
|
||||
case 128: ctx->nr = 10; break;
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
case 192: ctx->nr = 12; break;
|
||||
case 256: ctx->nr = 14; break;
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
|
||||
|
@ -615,7 +617,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
RK[7] = RK[3] ^ RK[6];
|
||||
}
|
||||
break;
|
||||
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
case 12:
|
||||
|
||||
for( i = 0; i < 8; i++, RK += 6 )
|
||||
|
@ -659,6 +661,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
RK[15] = RK[7] ^ RK[14];
|
||||
}
|
||||
break;
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
|
@ -1825,6 +1828,14 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( keybits > 128 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_platform_memset( buf, 0, 16 );
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
|
@ -1887,6 +1898,14 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( keybits > 128 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_platform_memset( iv , 0, 16 );
|
||||
mbedtls_platform_memset( prv, 0, 16 );
|
||||
mbedtls_platform_memset( buf, 0, 16 );
|
||||
|
@ -1962,6 +1981,14 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( keybits > 128 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
memcpy( iv, aes_test_cfb128_iv, 16 );
|
||||
memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
|
||||
|
||||
|
@ -2025,6 +2052,13 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mbedtls_printf( " AES-OFB-%3d (%s): ", keybits,
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( keybits > 128 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
memcpy( iv, aes_test_ofb_iv, 16 );
|
||||
memcpy( key, aes_test_ofb_key[u], keybits / 8 );
|
||||
|
||||
|
@ -2087,6 +2121,14 @@ int mbedtls_aes_self_test( int verbose )
|
|||
mbedtls_printf( " AES-CTR-128 (%s): ",
|
||||
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( keybits > 128 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
|
||||
memcpy( key, aes_test_ctr_key[u], 16 );
|
||||
|
||||
|
|
|
@ -327,6 +327,7 @@ static void aesni_setkey_enc_128( unsigned char *rk,
|
|||
/*
|
||||
* Key expansion, 192-bit case
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
static void aesni_setkey_enc_192( unsigned char *rk,
|
||||
const unsigned char *key )
|
||||
{
|
||||
|
@ -380,10 +381,12 @@ static void aesni_setkey_enc_192( unsigned char *rk,
|
|||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0" );
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
/*
|
||||
* Key expansion, 256-bit case
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
static void aesni_setkey_enc_256( unsigned char *rk,
|
||||
const unsigned char *key )
|
||||
{
|
||||
|
@ -446,6 +449,7 @@ static void aesni_setkey_enc_256( unsigned char *rk,
|
|||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0" );
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
/*
|
||||
* Key expansion, wrapper
|
||||
|
@ -457,8 +461,10 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
|
|||
switch( bits )
|
||||
{
|
||||
case 128: aesni_setkey_enc_128( rk, key ); break;
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
case 192: aesni_setkey_enc_192( rk, key ); break;
|
||||
case 256: aesni_setkey_enc_256( rk, key ); break;
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
|
||||
|
|
|
@ -797,6 +797,14 @@ int mbedtls_gcm_self_test( int verbose )
|
|||
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
|
||||
key_len, i, "enc" );
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( key_len > 128 )
|
||||
{
|
||||
mbedtls_printf( "skipped\n" );
|
||||
continue;
|
||||
}
|
||||
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
|
||||
key_len );
|
||||
/*
|
||||
|
|
|
@ -2930,6 +2930,14 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_PK_SINGLE_TYPE */
|
||||
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
/* If the symbol is not found, return an error */
|
||||
return( 1 );
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue