Enable CIPHER_ENCRYPT_ONLY when DES is disabled

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Yanray Wang 2023-09-07 17:50:14 +08:00
parent c5944d4a3c
commit 3caaf0c61e
3 changed files with 13 additions and 0 deletions


@ -4,3 +4,4 @@ Features
MBEDTLS_CIPHER_ENCRYPT_ONLY when
- ECB and CBC cipher modes are not requested via the PSA API.
- ECB, CBC, XTS and KW are not enabled in the legacy API.
- DES is not requested in the PSA API and the legacy API.


@ -39,14 +39,20 @@
* MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes
* are not requested via the PSA API and are not enabled in the legacy API.
*
* DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and
* insecure block cipher, MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled when DES
* is not requested via the PSA API and is not enabled in the legacy API.
*
* Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
*/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
!defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
!defined(PSA_WANT_ALG_CBC_PKCS7) && \
!defined(PSA_WANT_KEY_TYPE_DES) && \
!defined(MBEDTLS_CIPHER_MODE_CBC) && \
!defined(MBEDTLS_CIPHER_MODE_XTS) && \
!defined(MBEDTLS_DES_C) && \
!defined(MBEDTLS_NIST_KW_C)
#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1
#endif
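Review bot: The new `!defined(PSA_WANT_KEY_TYPE_DES)` and `!defined(MBEDTLS_DES_C)` conditions are added only inside the `#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)` branch, and that outer block closes outside this hunk. If the file also has a branch for builds without MBEDTLS_PSA_CRYPTO_CONFIG, it presumably needs `!defined(MBEDTLS_DES_C) && \` too; otherwise a legacy-only configuration with DES enabled could still end up with MBEDTLS_CIPHER_ENCRYPT_ONLY defined. Please confirm against the rest of the file. Separately, the added comment gives "deprecated and insecure" as the reason, but the condition appears to follow from the sentence before it, so I would reword it to something like `* DES only supports ECB and CBC modes in Mbed TLS, so MBEDTLS_CIPHER_ENCRYPT_ONLY`, continuing with `* requires DES to be absent from both the PSA API and the legacy API.`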


@ -4207,11 +4207,13 @@ component_test_cipher_encrypt_only_aesni () {
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
scripts/config.py unset MBEDTLS_NIST_KW_C
echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h
# test AESNI intrinsics
scripts/config.py set MBEDTLS_AESNI_C
@ -4260,11 +4262,13 @@ component_test_cipher_encrypt_only_aesni_m32 () {
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
scripts/config.py unset MBEDTLS_NIST_KW_C
echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h
# test AESNI intrinsics for i386 with VIA PADLOCK
scripts/config.py set MBEDTLS_AESNI_C
@ -4321,11 +4325,13 @@ component_test_cipher_encrypt_only_aesce_armcc () {
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
scripts/config.py unset MBEDTLS_NIST_KW_C
echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h
# test AESCE baremetal build
scripts/config.py set MBEDTLS_AESCE_C
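Review bot: The same block of `scripts/config.py unset ...` and `echo '#undef ...' >> psa_cipher_encrypt_only.h` lines is now maintained by hand in three components (`component_test_cipher_encrypt_only_aesni`, `..._aesni_m32`, `..._aesce_armcc`), and this commit had to add the two DES lines to each copy. Given the header condition, a copy that misses one of these lines would leave MBEDTLS_CIPHER_ENCRYPT_ONLY undefined, and the component would stop exercising the encrypt-only build without failing. I would move the shared pre-setup into one helper function called from all three components. If the components do not already do so outside these hunks, they should also check that the macro is actually defined in the resulting build. All three function bodies start and end outside the visible hunks.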