yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-29 20:57:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

AES: add config option for 128-bit keys

Browse source 
Add configuration options to support only 128-bit key lengths in AES
calculation.
This commit is contained in:
Arto Kinnunen 2019-08-30 11:43:21 +03:00
parent e2bf54d3d1
commit 77b9cfcea9
6 changed files with 85 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
configs/baremetal.h
View file

@ -39,6 +39,7 @@
#define MBEDTLS_AES_C #define MBEDTLS_AES_C
#define MBEDTLS_AES_ROM_TABLES #define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_AES_FEWER_TABLES #define MBEDTLS_AES_FEWER_TABLES
#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
#define MBEDTLS_CCM_C #define MBEDTLS_CCM_C
/* Asymmetric crypto: Single-curve ECC only. */ /* Asymmetric crypto: Single-curve ECC only. */

19
include/mbedtls/config.h
View file

@ -3863,6 +3863,25 @@
/* \} SECTION: Compile-time SSL configuration */ /* \} SECTION: Compile-time SSL configuration */
/**
* \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
*
* Use only 128-bit keys in AES operations.
*
* Uncommenting this macro removes support for AES operations that are using 192
* or 256-bit keys.
*
* Tradeoff: Uncommenting this macro reduces ROM footprint by ~200 bytes.
*
* If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
*
* Module: library/aes.c
*
* Requires: MBEDTLS_AES_C
*
*/
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
/* Target and application specific configurations /* Target and application specific configurations
* *
* Allow user to override any previous default. * Allow user to override any previous default.

44
library/aes.c
View file

@ -565,8 +565,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
switch( keybits ) switch( keybits )
{ {
case 128: ctx->nr = 10; break; case 128: ctx->nr = 10; break;
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 192: ctx->nr = 12; break; case 192: ctx->nr = 12; break;
case 256: ctx->nr = 14; break; case 256: ctx->nr = 14; break;
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
} }
@ -615,7 +617,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
RK[7] = RK[3] ^ RK[6]; RK[7] = RK[3] ^ RK[6];
} }
break; break;
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 12: case 12:
for( i = 0; i < 8; i++, RK += 6 ) for( i = 0; i < 8; i++, RK += 6 )
@ -659,6 +661,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
RK[15] = RK[7] ^ RK[14]; RK[15] = RK[7] ^ RK[14];
} }
break; break;
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
} }
return( 0 ); return( 0 );
@ -1825,6 +1828,14 @@ int mbedtls_aes_self_test( int verbose )
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits, mbedtls_printf( " AES-ECB-%3d (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( keybits > 128 )
{
mbedtls_printf( "skipped\n" );
continue;
}
#endif
mbedtls_platform_memset( buf, 0, 16 ); mbedtls_platform_memset( buf, 0, 16 );
if( mode == MBEDTLS_AES_DECRYPT ) if( mode == MBEDTLS_AES_DECRYPT )
@ -1887,6 +1898,14 @@ int mbedtls_aes_self_test( int verbose )
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits, mbedtls_printf( " AES-CBC-%3d (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( keybits > 128 )
{
mbedtls_printf( "skipped\n" );
continue;
}
#endif
mbedtls_platform_memset( iv , 0, 16 ); mbedtls_platform_memset( iv , 0, 16 );
mbedtls_platform_memset( prv, 0, 16 ); mbedtls_platform_memset( prv, 0, 16 );
mbedtls_platform_memset( buf, 0, 16 ); mbedtls_platform_memset( buf, 0, 16 );
@ -1962,6 +1981,14 @@ int mbedtls_aes_self_test( int verbose )
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits, mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( keybits > 128 )
{
mbedtls_printf( "skipped\n" );
continue;
}
#endif
memcpy( iv, aes_test_cfb128_iv, 16 ); memcpy( iv, aes_test_cfb128_iv, 16 );
memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
@ -2025,6 +2052,13 @@ int mbedtls_aes_self_test( int verbose )
mbedtls_printf( " AES-OFB-%3d (%s): ", keybits, mbedtls_printf( " AES-OFB-%3d (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( keybits > 128 )
{
mbedtls_printf( "skipped\n" );
continue;
}
#endif
memcpy( iv, aes_test_ofb_iv, 16 ); memcpy( iv, aes_test_ofb_iv, 16 );
memcpy( key, aes_test_ofb_key[u], keybits / 8 ); memcpy( key, aes_test_ofb_key[u], keybits / 8 );
@ -2087,6 +2121,14 @@ int mbedtls_aes_self_test( int verbose )
mbedtls_printf( " AES-CTR-128 (%s): ", mbedtls_printf( " AES-CTR-128 (%s): ",
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( keybits > 128 )
{
mbedtls_printf( "skipped\n" );
continue;
}
#endif
memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
memcpy( key, aes_test_ctr_key[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 );

6
library/aesni.c
View file

@ -327,6 +327,7 @@ static void aesni_setkey_enc_128( unsigned char *rk,
/* /*
* Key expansion, 192-bit case * Key expansion, 192-bit case
*/ */
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static void aesni_setkey_enc_192( unsigned char *rk, static void aesni_setkey_enc_192( unsigned char *rk,
const unsigned char *key ) const unsigned char *key )
{ {
@ -380,10 +381,12 @@ static void aesni_setkey_enc_192( unsigned char *rk,
: "r" (rk), "r" (key) : "r" (rk), "r" (key)
: "memory", "cc", "0" ); : "memory", "cc", "0" );
} }
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
/* /*
* Key expansion, 256-bit case * Key expansion, 256-bit case
*/ */
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static void aesni_setkey_enc_256( unsigned char *rk, static void aesni_setkey_enc_256( unsigned char *rk,
const unsigned char *key ) const unsigned char *key )
{ {
@ -446,6 +449,7 @@ static void aesni_setkey_enc_256( unsigned char *rk,
: "r" (rk), "r" (key) : "r" (rk), "r" (key)
: "memory", "cc", "0" ); : "memory", "cc", "0" );
} }
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
/* /*
* Key expansion, wrapper * Key expansion, wrapper
@ -457,8 +461,10 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
switch( bits ) switch( bits )
{ {
case 128: aesni_setkey_enc_128( rk, key ); break; case 128: aesni_setkey_enc_128( rk, key ); break;
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 192: aesni_setkey_enc_192( rk, key ); break; case 192: aesni_setkey_enc_192( rk, key ); break;
case 256: aesni_setkey_enc_256( rk, key ); break; case 256: aesni_setkey_enc_256( rk, key ); break;
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
} }

8
library/gcm.c
View file

@ -797,6 +797,14 @@ int mbedtls_gcm_self_test( int verbose )
mbedtls_printf( " AES-GCM-%3d #%d (%s): ", mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "enc" ); key_len, i, "enc" );
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( key_len > 128 )
{
mbedtls_printf( "skipped\n" );
continue;
}
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
key_len ); key_len );
/* /*

8
programs/ssl/query_config.c
View file

@ -2930,6 +2930,14 @@ int query_config( const char *config )
} }
#endif /* MBEDTLS_PK_SINGLE_TYPE */ #endif /* MBEDTLS_PK_SINGLE_TYPE */
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
return( 0 );
}
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
/* If the symbol is not found, return an error */ /* If the symbol is not found, return an error */
return( 1 ); return( 1 );
} }