From 77b9cfcea92934dc2f48e9747c0a3b60f7d703bf Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Fri, 30 Aug 2019 11:43:21 +0300 Subject: [PATCH] AES: add config option for 128-bit keys Add configuration options to support only 128-bit key lengths in AES calculation. --- configs/baremetal.h | 1 + include/mbedtls/config.h | 19 ++++++++++++++++ library/aes.c | 44 ++++++++++++++++++++++++++++++++++++- library/aesni.c | 6 +++++ library/gcm.c | 8 +++++++ programs/ssl/query_config.c | 8 +++++++ 6 files changed, 85 insertions(+), 1 deletion(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 64d9e04d8..8e735c6c8 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -39,6 +39,7 @@ #define MBEDTLS_AES_C #define MBEDTLS_AES_ROM_TABLES #define MBEDTLS_AES_FEWER_TABLES +#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH #define MBEDTLS_CCM_C /* Asymmetric crypto: Single-curve ECC only. */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1a057a4af..a2f187547 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3863,6 +3863,25 @@ /* \} SECTION: Compile-time SSL configuration */ +/** + * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + * + * Use only 128-bit keys in AES operations. + * + * Uncommenting this macro removes support for AES operations that are using 192 + * or 256-bit keys. + * + * Tradeoff: Uncommenting this macro reduces ROM footprint by ~200 bytes. + * + * If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + * + * Module: library/aes.c + * + * Requires: MBEDTLS_AES_C + * + */ +//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + /* Target and application specific configurations * * Allow user to override any previous default. diff --git a/library/aes.c b/library/aes.c index 247bbde4f..2672cdfd4 100644 --- a/library/aes.c +++ b/library/aes.c 
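Review bot: The documentation added for MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH in include/mbedtls/config.h tells the user to also enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY, but nothing in this patch enforces that pairing at build time. If CTR_DRBG is built with its default key size while this option is set, its AES key setup would presumably be rejected with MBEDTLS_ERR_AES_INVALID_KEY_LENGTH at run time, so the misconfiguration surfaces as a seeding failure instead of a compile error. A guard in the project's configuration sanity checks would catch it, for example `#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)` followed by `#error "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH requires MBEDTLS_CTR_DRBG_USE_128_BIT_KEY"`. The same concern applies to configs/baremetal.h, which turns the option on; whether that configuration builds CTR_DRBG is not visible here. The option text could also state that 192- and 256-bit key requests now fail with MBEDTLS_ERR_AES_INVALID_KEY_LENGTH, since the diffstat shows no change to the layers that offer those key sizes.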
@@ -565,8 +565,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, switch( keybits ) { case 128: ctx->nr = 10; break; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) case 192: ctx->nr = 12; break; case 256: ctx->nr = 14; break; +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } @@ -615,7 +617,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, RK[7] = RK[3] ^ RK[6]; } break; - +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) case 12: for( i = 0; i < 8; i++, RK += 6 ) @@ -659,6 +661,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, RK[15] = RK[7] ^ RK[14]; } break; +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ } return( 0 ); @@ -1825,6 +1828,14 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-ECB-%3d (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( keybits > 128 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } +#endif + mbedtls_platform_memset( buf, 0, 16 ); if( mode == MBEDTLS_AES_DECRYPT ) @@ -1887,6 +1898,14 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-CBC-%3d (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( keybits > 128 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } +#endif + mbedtls_platform_memset( iv , 0, 16 ); mbedtls_platform_memset( prv, 0, 16 ); mbedtls_platform_memset( buf, 0, 16 ); @@ -1962,6 +1981,14 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( keybits > 128 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } +#endif + memcpy( iv, aes_test_cfb128_iv, 16 ); memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); 
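Review bot: The added `mbedtls_printf( "skipped\n" );` in the AES-ECB self-test hunk is unconditional, while the progress message just above it appears to be printed only when `verbose` is non-zero (that `if` line sits just outside the hunk). With `verbose == 0`, a build that defines MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH would then emit bare "skipped" lines from mbedtls_aes_self_test. I would write `if( verbose != 0 ) mbedtls_printf( "skipped\n" );` before the `continue`. The CBC, CFB128, OFB and CTR hunks in library/aes.c and the self-test hunk in library/gcm.c repeat the same pattern.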
@@ -2025,6 +2052,13 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-OFB-%3d (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( keybits > 128 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } +#endif memcpy( iv, aes_test_ofb_iv, 16 ); memcpy( key, aes_test_ofb_key[u], keybits / 8 ); @@ -2087,6 +2121,14 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-CTR-128 (%s): ", ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( keybits > 128 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } +#endif + memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 ); diff --git a/library/aesni.c b/library/aesni.c index 062708b04..c5873fc4a 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -327,6 +327,7 @@ static void aesni_setkey_enc_128( unsigned char *rk, /* * Key expansion, 192-bit case */ +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static void aesni_setkey_enc_192( unsigned char *rk, const unsigned char *key ) { @@ -380,10 +381,12 @@ static void aesni_setkey_enc_192( unsigned char *rk, : "r" (rk), "r" (key) : "memory", "cc", "0" ); } +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ /* * Key expansion, 256-bit case */ +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static void aesni_setkey_enc_256( unsigned char *rk, const unsigned char *key ) { @@ -446,6 +449,7 @@ static void aesni_setkey_enc_256( unsigned char *rk, : "r" (rk), "r" (key) : "memory", "cc", "0" ); } +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ /* * Key expansion, wrapper 
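Review bot: The guard added to the AES-CTR loop tests `keybits > 128`, but every vector in that loop uses a 128-bit key: the label is the fixed string "AES-CTR-128" and the key copy is `memcpy( key, aes_test_ctr_key[u], 16 )`. `keybits` does not seem to be assigned in this loop (its head is outside the hunk), so it would still hold the value left by an earlier loop. If that value is 256, the whole CTR self-test is skipped in exactly the configuration where CTR with 128-bit keys remains supported. Dropping the `#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)` block from this loop keeps the CTR vectors running.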
@@ -457,8 +461,10 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk, switch( bits ) { case 128: aesni_setkey_enc_128( rk, key ); break; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) case 192: aesni_setkey_enc_192( rk, key ); break; case 256: aesni_setkey_enc_256( rk, key ); break; +#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } diff --git a/library/gcm.c b/library/gcm.c index c3a44c21e..f30e3df7e 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -797,6 +797,14 @@ int mbedtls_gcm_self_test( int verbose ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "enc" ); +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( key_len > 128 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } +#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); /* diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 0c2692179..379e0161d 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2930,6 +2930,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PK_SINGLE_TYPE */ +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) + if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ); + return( 0 ); + } +#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ + /* If the symbol is not found, return an error */ return( 1 ); }