From 732ca3221d907c00e4a8d5c974400cc927a30605 Mon Sep 17 00:00:00 2001
From: Arto Kinnunen <arto.kinnunen@arm.com>
Date: Fri, 14 Apr 2023 14:26:10 +0800
Subject: [PATCH] AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH

Add configuration option to support 128-bit key length only
in AES calculation.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
---
 include/mbedtls/mbedtls_config.h | 19 +++++++++++++++++++
 library/aes.c                    |  4 ++++
 library/aesni.c                  | 10 ++++++++++
 3 files changed, 33 insertions(+)

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 615885003..8acc377f4 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -522,6 +522,25 @@
  */
 //#define MBEDTLS_AES_FEWER_TABLES
 
+/**
+ * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ *
+ * Use only 128-bit keys in AES operations to save ROM.
+ *
+ * Uncommenting this macro removes support for AES operations that are using 192
+ * or 256-bit keys.
+ *
+ * Tradeoff: Uncommenting this macro reduces ROM footprint by ~1116 bytes.
+ *
+ * If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ *
+ * Module:  library/aes.c
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ */
+//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+
 /**
  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
  *
diff --git a/library/aes.c b/library/aes.c
index 69da5828a..5493c3119 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -563,8 +563,10 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
 
     switch (keybits) {
         case 128: ctx->nr = 10; break;
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
         case 192: ctx->nr = 12; break;
         case 256: ctx->nr = 14; break;
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
         default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
     }
 
@@ -610,6 +612,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
             }
             break;
 
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
         case 12:
 
             for (i = 0; i < 8; i++, RK += 6) {
@@ -651,6 +654,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
                 RK[15] = RK[7] ^ RK[14];
             }
             break;
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
     }
 
     return 0;
diff --git a/library/aesni.c b/library/aesni.c
index a23c5b595..9d1c0f135 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -273,6 +273,7 @@ static void aesni_setkey_enc_128(unsigned char *rk_bytes,
 /*
  * Key expansion, 192-bit case
  */
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
 static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword,
                              unsigned char *rk)
 {
@@ -327,10 +328,12 @@ static void aesni_setkey_enc_192(unsigned char *rk,
     aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7);
     aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8);
 }
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 
 /*
  * Key expansion, 256-bit case
  */
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
 static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword,
                              __m128i *rk0, __m128i *rk1)
 {
@@ -387,6 +390,7 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes,
     aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]);
     aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]);
 }
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 
 #else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
 
@@ -656,6 +660,7 @@ static void aesni_setkey_enc_128(unsigned char *rk,
 /*
  * Key expansion, 192-bit case
  */
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
 static void aesni_setkey_enc_192(unsigned char *rk,
                                  const unsigned char *key)
 {
@@ -709,10 +714,12 @@ static void aesni_setkey_enc_192(unsigned char *rk,
          : "r" (rk), "r" (key)
          : "memory", "cc", "0");
 }
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 
 /*
  * Key expansion, 256-bit case
  */
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
 static void aesni_setkey_enc_256(unsigned char *rk,
                                  const unsigned char *key)
 {
@@ -775,6 +782,7 @@ static void aesni_setkey_enc_256(unsigned char *rk,
          : "r" (rk), "r" (key)
          : "memory", "cc", "0");
 }
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 
 #endif  /* MBEDTLS_AESNI_HAVE_CODE */
 
@@ -787,8 +795,10 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
 {
     switch (bits) {
         case 128: aesni_setkey_enc_128(rk, key); break;
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
         case 192: aesni_setkey_enc_192(rk, key); break;
         case 256: aesni_setkey_enc_256(rk, key); break;
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
         default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
     }