From 4137609776bcf1aaaf0dce61951c09895754cf75 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 4 Jun 2024 16:37:42 +0100 Subject: [PATCH] Remove MBEDTLS_AES_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 26 ------------------- tests/include/alt-dummy/aes_alt.h | 23 ---------------- tests/include/test/psa_crypto_helpers.h | 3 +-- .../drivers/builtin/include/mbedtls/aes.h | 8 ------ tf-psa-crypto/drivers/builtin/src/aes.c | 24 ++++++----------- tf-psa-crypto/drivers/builtin/src/gcm.c | 4 +-- 6 files changed, 11 insertions(+), 77 deletions(-) delete mode 100644 tests/include/alt-dummy/aes_alt.h diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index c1f08f9d3..c217cf79d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,32 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your - * alternate core implementation of a symmetric crypto, an arithmetic or hash - * module (e.g. platform specific assembly optimized implementations). Keep - * in mind that the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base - * function declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - * - * \warning MD5, DES and SHA-1 are considered weak and their - * use constitutes a security risk. If possible, we recommend - * avoiding dependencies on them, and considering stronger message - * digests and ciphers instead. - * - */ -//#define MBEDTLS_AES_ALT //#define MBEDTLS_ARIA_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_CCM_ALT diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h deleted file mode 100644 index dc47dd16c..000000000 --- a/tests/include/alt-dummy/aes_alt.h +++ /dev/null @@ -1,23 +0,0 @@ -/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef AES_ALT_H -#define AES_ALT_H - -typedef struct mbedtls_aes_context { - int dummy; -} -mbedtls_aes_context; - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - -typedef struct mbedtls_aes_xts_context { - int dummy; -} mbedtls_aes_xts_context; -#endif - - -#endif /* aes_alt.h */ diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 7393d81dc..5bab8e461 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -251,8 +251,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * \param key_type Key type * \param key_bits Key length in number of bits. */ -#if defined(MBEDTLS_AES_ALT) || \ - defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ +#if defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_TEST_HAVE_ALT_AES 1 #else diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h index a07c8a5f9..559e1d84e 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h @@ -53,10 +53,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_AES_ALT) -// Regular implementation -// - /** * \brief The AES context-type definition. */ @@ -88,10 +84,6 @@ typedef struct mbedtls_aes_xts_context { } mbedtls_aes_xts_context; #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" -#endif /* MBEDTLS_AES_ALT */ - /** * \brief This function initializes the specified AES context. * diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 72e2c5745..eef55e651 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -50,8 +50,6 @@ #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif -#if !defined(MBEDTLS_AES_ALT) - #if defined(MBEDTLS_AES_ROM_TABLES) /* * Forward S-box @@ -1436,8 +1434,6 @@ exit: } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#endif /* !MBEDTLS_AES_ALT */ - #if defined(MBEDTLS_SELF_TEST) /* * AES test vectors from: @@ -1800,9 +1796,6 @@ int mbedtls_aes_self_test(int verbose) mbedtls_aes_init(&ctx); if (verbose != 0) { -#if defined(MBEDTLS_AES_ALT) - mbedtls_printf(" AES note: alternative implementation.\n"); -#else /* MBEDTLS_AES_ALT */ #if defined(MBEDTLS_AESNI_HAVE_CODE) #if MBEDTLS_AESNI_HAVE_CODE == 1 mbedtls_printf(" AES note: AESNI code present (assembly implementation).\n"); @@ -1825,7 +1818,6 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES note: built-in implementation.\n"); #endif } -#endif /* MBEDTLS_AES_ALT */ } /* @@ -1868,8 +1860,8 @@ int mbedtls_aes_self_test(int verbose) /* * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. + * there is an alternative underlying implementation such as a + * PSA driver. */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); @@ -1932,8 +1924,8 @@ int mbedtls_aes_self_test(int verbose) /* * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. + * there is an alternative underlying implementation such as a + * PSA driver. */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); @@ -1999,8 +1991,8 @@ int mbedtls_aes_self_test(int verbose) ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); /* * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. + * there is an alternative underlying implementation such as a + * PSA driver. */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); @@ -2063,8 +2055,8 @@ int mbedtls_aes_self_test(int verbose) ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); /* * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. + * there is an alternative underlying implementation such as a + * PSA driver. */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); diff --git a/tf-psa-crypto/drivers/builtin/src/gcm.c b/tf-psa-crypto/drivers/builtin/src/gcm.c index 5dfac2349..bf219431a 100644 --- a/tf-psa-crypto/drivers/builtin/src/gcm.c +++ b/tf-psa-crypto/drivers/builtin/src/gcm.c @@ -1062,8 +1062,8 @@ int mbedtls_gcm_self_test(int verbose) key_len); /* * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. + * there is an alternative underlying implementation such as a + * PSA driver. */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) { mbedtls_printf("skipped\n");