cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-02 10:00:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH

Browse Source 
Add configuration option to support 128-bit key length only
in AES calculation.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Arto Kinnunen 2023-04-14 14:26:10 +08:00 committed by Yanray Wang
parent ca4ca9a2f8
commit 732ca3221d
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
include/mbedtls/mbedtls_config.h
View File

@ -522,6 +522,25 @@
*/ */
//#define MBEDTLS_AES_FEWER_TABLES //#define MBEDTLS_AES_FEWER_TABLES
/**
* \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
*
* Use only 128-bit keys in AES operations to save ROM.
*
* Uncommenting this macro removes support for AES operations that are using 192
* or 256-bit keys.
*
* Tradeoff: Uncommenting this macro reduces ROM footprint by ~1116 bytes.
*
* If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
*
* Module: library/aes.c
*
* Requires: MBEDTLS_AES_C
*
*/
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
/** /**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
* *

4
library/aes.c
View File

@ -563,8 +563,10 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
switch (keybits) { switch (keybits) {
case 128: ctx->nr = 10; break; case 128: ctx->nr = 10; break;
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 192: ctx->nr = 12; break; case 192: ctx->nr = 12; break;
case 256: ctx->nr = 14; break; case 256: ctx->nr = 14; break;
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
} }
@ -610,6 +612,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
} }
break; break;
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 12: case 12:
for (i = 0; i < 8; i++, RK += 6) { for (i = 0; i < 8; i++, RK += 6) {
@ -651,6 +654,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
RK[15] = RK[7] ^ RK[14]; RK[15] = RK[7] ^ RK[14];
} }
break; break;
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
} }
return 0; return 0;

10
library/aesni.c
View File

@ -273,6 +273,7 @@ static void aesni_setkey_enc_128(unsigned char *rk_bytes,
/* /*
* Key expansion, 192-bit case * Key expansion, 192-bit case
*/ */
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword, static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword,
unsigned char *rk) unsigned char *rk)
{ {
@ -327,10 +328,12 @@ static void aesni_setkey_enc_192(unsigned char *rk,
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7); aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8); aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8);
} }
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
/* /*
* Key expansion, 256-bit case * Key expansion, 256-bit case
*/ */
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword, static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword,
__m128i *rk0, __m128i *rk1) __m128i *rk0, __m128i *rk1)
{ {
@ -387,6 +390,7 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes,
aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]); aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]);
aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]); aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]);
} }
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */ #else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
@ -656,6 +660,7 @@ static void aesni_setkey_enc_128(unsigned char *rk,
/* /*
* Key expansion, 192-bit case * Key expansion, 192-bit case
*/ */
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static void aesni_setkey_enc_192(unsigned char *rk, static void aesni_setkey_enc_192(unsigned char *rk,
const unsigned char *key) const unsigned char *key)
{ {
@ -709,10 +714,12 @@ static void aesni_setkey_enc_192(unsigned char *rk,
: "r" (rk), "r" (key) : "r" (rk), "r" (key)
: "memory", "cc", "0"); : "memory", "cc", "0");
} }
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
/* /*
* Key expansion, 256-bit case * Key expansion, 256-bit case
*/ */
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static void aesni_setkey_enc_256(unsigned char *rk, static void aesni_setkey_enc_256(unsigned char *rk,
const unsigned char *key) const unsigned char *key)
{ {
@ -775,6 +782,7 @@ static void aesni_setkey_enc_256(unsigned char *rk,
: "r" (rk), "r" (key) : "r" (rk), "r" (key)
: "memory", "cc", "0"); : "memory", "cc", "0");
} }
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
#endif /* MBEDTLS_AESNI_HAVE_CODE */ #endif /* MBEDTLS_AESNI_HAVE_CODE */
@ -787,8 +795,10 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
{ {
switch (bits) { switch (bits) {
case 128: aesni_setkey_enc_128(rk, key); break; case 128: aesni_setkey_enc_128(rk, key); break;
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 192: aesni_setkey_enc_192(rk, key); break; case 192: aesni_setkey_enc_192(rk, key); break;
case 256: aesni_setkey_enc_256(rk, key); break; case 256: aesni_setkey_enc_256(rk, key); break;
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
} }