yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

PSA: auto-enable CIPHER_ENCRYPT_ONLY if cipher-decrypt is not needed

Browse source 
Some cipher modes use cipher-encrypt to encrypt and decrypt.
(E.g: ECB, CBC). This commit adds support to automatically
enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't
need cipher_decrypt.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Yanray Wang 2023-05-15 18:02:46 +08:00
parent 380be5af3a
commit 67208fdba8
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
include/mbedtls/config_psa.h
View file

@ -598,6 +598,19 @@
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
/*
* ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions.
* CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested
* via the PSA API.
*
* Note: XTS is not yet supported via the PSA API in Mbed TLS.
*/
#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
!defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
!defined(PSA_WANT_ALG_CBC_PKCS7)
#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
#define MBEDTLS_ECP_DP_BP256R1_ENABLED #define MBEDTLS_ECP_DP_BP256R1_ENABLED