yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

check_config.h: add checks for CIPHER_ENCRYPT_ONLY

Browse source 
MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is
automatically enabled via the PSA. Typically,
once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled,
MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used
to prevent user explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY.

In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if
either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled.
Since three of them always need AES-decrypt.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Yanray Wang 2023-08-30 13:58:15 +08:00
parent 3c565275c4
commit 72d7bb4bca
2 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
include/mbedtls/check_config.h
View file

@ -84,6 +84,14 @@
#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) && \
(!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \
(defined(MBEDTLS_CIPHER_MODE_CBC) || \
defined(MBEDTLS_CIPHER_MODE_XTS) || \
defined(MBEDTLS_NIST_KW_C)))
#error "MBEDTLS_CIPHER_ENCRYPT_ONLY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
#endif

13
include/mbedtls/config_psa.h
View file

@ -599,15 +599,18 @@
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
/*
* ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions.
* CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested
* via the PSA API.
* ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions.
* MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes
* are not requested via the PSA API and are not enabled in the legacy API.
*
* Note: XTS is not yet supported via the PSA API in Mbed TLS.
* Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
*/
#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
!defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
!defined(PSA_WANT_ALG_CBC_PKCS7)
!defined(PSA_WANT_ALG_CBC_PKCS7) && \
!defined(MBEDTLS_CIPHER_MODE_CBC) && \
!defined(MBEDTLS_CIPHER_MODE_XTS) && \
!defined(MBEDTLS_NIST_KW_C)
#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1
#endif