PSA: auto-enable CIPHER_ENCRYPT_ONLY if cipher-decrypt is not needed
Some cipher modes use cipher-encrypt to encrypt and decrypt. (E.g: ECB, CBC). This commit adds support to automatically enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't need cipher_decrypt. Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Yanray Wang
parent
380be5af3a
commit
67208fdba8
1 changed files with 13 additions and 0 deletions
|
|
@ -598,6 +598,19 @@
|
|||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
|
||||
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
/*
|
||||
* ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions.
|
||||
* CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested
|
||||
* via the PSA API.
|
||||
*
|
||||
* Note: XTS is not yet supported via the PSA API in Mbed TLS.
|
||||
*/
|
||||
#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
|
||||
!defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
!defined(PSA_WANT_ALG_CBC_PKCS7)
|
||||
#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
|
||||
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
|
|
|
|||
Loading…
Reference in a new issue