AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
Add configuration option to support 128-bit key length only in AES calculation. Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Arto Kinnunen
Yanray Wang
parent
ca4ca9a2f8
commit
732ca3221d
3 changed files with 33 additions and 0 deletions
|
|
@ -522,6 +522,25 @@
|
|||
*/
|
||||
//#define MBEDTLS_AES_FEWER_TABLES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
*
|
||||
* Use only 128-bit keys in AES operations to save ROM.
|
||||
*
|
||||
* Uncommenting this macro removes support for AES operations that are using 192
|
||||
* or 256-bit keys.
|
||||
*
|
||||
* Tradeoff: Uncommenting this macro reduces ROM footprint by ~1116 bytes.
|
||||
*
|
||||
* If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
|
||||
*
|
||||
* Module: library/aes.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
|
||||
*
|
||||
|
|
|
|||
|
|
@ -563,8 +563,10 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
|
||||
switch (keybits) {
|
||||
case 128: ctx->nr = 10; break;
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
case 192: ctx->nr = 12; break;
|
||||
case 256: ctx->nr = 14; break;
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
|
||||
}
|
||||
|
||||
|
|
@ -610,6 +612,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
}
|
||||
break;
|
||||
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
case 12:
|
||||
|
||||
for (i = 0; i < 8; i++, RK += 6) {
|
||||
|
|
@ -651,6 +654,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
RK[15] = RK[7] ^ RK[14];
|
||||
}
|
||||
break;
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -273,6 +273,7 @@ static void aesni_setkey_enc_128(unsigned char *rk_bytes,
|
|||
/*
|
||||
* Key expansion, 192-bit case
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword,
|
||||
unsigned char *rk)
|
||||
{
|
||||
|
|
@ -327,10 +328,12 @@ static void aesni_setkey_enc_192(unsigned char *rk,
|
|||
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7);
|
||||
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8);
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
/*
|
||||
* Key expansion, 256-bit case
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword,
|
||||
__m128i *rk0, __m128i *rk1)
|
||||
{
|
||||
|
|
@ -387,6 +390,7 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes,
|
|||
aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]);
|
||||
aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]);
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
|
||||
|
||||
|
|
@ -656,6 +660,7 @@ static void aesni_setkey_enc_128(unsigned char *rk,
|
|||
/*
|
||||
* Key expansion, 192-bit case
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
static void aesni_setkey_enc_192(unsigned char *rk,
|
||||
const unsigned char *key)
|
||||
{
|
||||
|
|
@ -709,10 +714,12 @@ static void aesni_setkey_enc_192(unsigned char *rk,
|
|||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0");
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
/*
|
||||
* Key expansion, 256-bit case
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
static void aesni_setkey_enc_256(unsigned char *rk,
|
||||
const unsigned char *key)
|
||||
{
|
||||
|
|
@ -775,6 +782,7 @@ static void aesni_setkey_enc_256(unsigned char *rk,
|
|||
: "r" (rk), "r" (key)
|
||||
: "memory", "cc", "0");
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
|
||||
#endif /* MBEDTLS_AESNI_HAVE_CODE */
|
||||
|
||||
|
|
@ -787,8 +795,10 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
|
|||
{
|
||||
switch (bits) {
|
||||
case 128: aesni_setkey_enc_128(rk, key); break;
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
case 192: aesni_setkey_enc_192(rk, key); break;
|
||||
case 256: aesni_setkey_enc_256(rk, key); break;
|
||||
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue