From 422a77f7165bdfac0f437d204672f9d61ccc1c5b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 7 Jul 2023 10:12:05 +0800 Subject: [PATCH 01/61] aes.c: clean up and fix wrong comment in #endif Signed-off-by: Yanray Wang --- library/aes.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/library/aes.c b/library/aes.c index 47a5e3e82..753bc78ad 100644 --- a/library/aes.c +++ b/library/aes.c @@ -122,8 +122,8 @@ static const unsigned char FSb[256] = 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || + !MBEDTLS_AES_SETKEY_DEC_ALT */ /* * Forward tables @@ -216,7 +216,7 @@ static const uint32_t FT3[256] = { FT }; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT */ #undef FT @@ -259,7 +259,7 @@ static const unsigned char RSb[256] = 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D }; -#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT */ /* * Reverse tables @@ -353,7 +353,7 @@ static const uint32_t RT3[256] = { RT }; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ #undef RT @@ -367,7 +367,7 @@ static const uint32_t RCON[10] = 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x0000001B, 0x00000036 }; -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ #else /* MBEDTLS_AES_ROM_TABLES */ 
@@ -377,8 +377,8 @@ static const uint32_t RCON[10] = #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static unsigned char FSb[256]; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || + !MBEDTLS_AES_SETKEY_DEC_ALT */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) @@ -386,14 +386,14 @@ static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT */ /* * Reverse S-box & tables */ -#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || !defined(MBEDTLS_AES_DECRYPT_ALT) static unsigned char RSb[256]; -#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT || !MBEDTLS_AES_DECRYPT_ALT */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static uint32_t RT0[256]; @@ -402,7 +402,7 @@ static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* 
@@ -494,11 +494,11 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ } } -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ #undef ROTL8 @@ -615,8 +615,8 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) return 0; } -#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* MAY_NEED_TO_ALIGN || !MBEDTLS_AES_SETKEY_DEC_ALT || + !MBEDTLS_AES_SETKEY_ENC_ALT */ /* * AES key schedule (encryption) From 427424768a34e7e05d0e63b9d8a99ebcc6316e11 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 7 Jul 2023 17:28:24 +0800 Subject: [PATCH 02/61] aes.c: provide finer guard for RSb Variable RSb is only used for either computing reverse tables in aes_gen_tables or AES-decryption function. This commit provides more guards for when RSb is defined and used. Signed-off-by: Yanray Wang --- library/aes.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/library/aes.c b/library/aes.c index 753bc78ad..95ab3921c 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -391,9 +391,14 @@ static uint32_t FT3[256]; /* * Reverse S-box & tables */ -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || !defined(MBEDTLS_AES_DECRYPT_ALT) + +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static unsigned char RSb[256]; -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT || !MBEDTLS_AES_DECRYPT_ALT */ +#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ +#if !defined(MBEDTLS_AES_DECRYPT_ALT) +static unsigned char RSb[256]; +#endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static uint32_t RT0[256]; @@ -447,7 +452,9 @@ static void aes_gen_tables(void) * generate the forward and reverse S-boxes */ FSb[0x00] = 0x63; +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) RSb[0x63] = 0x00; +#endif for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; @@ -459,7 +466,9 @@ static void aes_gen_tables(void) x ^= y ^ 0x63; FSb[i] = x; +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) RSb[x] = (unsigned char) i; +#endif } /* @@ -481,9 +490,9 @@ static void aes_gen_tables(void) FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) x = RSb[i]; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ From 78ee0c9e4fc65d2fdffa1f9e5b6488b6ac4c88a1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 15 May 2023 11:23:50 +0800 Subject: [PATCH 03/61] aes.c: add config option to support cipher_encrypt_only Signed-off-by: Yanray Wang --- include/mbedtls/aes.h | 4 ++ library/aes.c | 95 +++++++++++++++++++++++++++---------------- 2 files changed, 65 insertions(+), 34 deletions(-) 
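Review bot: The nested `#if`/`#else` in the first hunk declares `RSb` twice for what is one condition, which makes it harder to compare the declaration guard with the `!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT` guards added around its uses in aes_gen_tables. A single guard expresses the same set of configurations: `#if !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT))`. A short comment next to it saying that `RSb` is needed for block decryption and for building the reverse tables would record why the two cases exist. aes_gen_tables starts and ends outside these hunks.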
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 7c92162d1..0780ece3b 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -167,6 +167,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief This function sets the decryption key. * @@ -185,6 +186,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -604,6 +606,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Internal AES block decryption function. This is only * exposed to allow overriding it using see @@ -619,6 +622,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MBEDTLS_SELF_TEST) /** diff --git a/library/aes.c b/library/aes.c index 95ab3921c..b604cb75c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -86,7 +86,7 @@ static int aes_padlock_ace = -1; * Forward S-box */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 
@@ -123,7 +123,7 @@ static const unsigned char FSb[256] = 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; #endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - !MBEDTLS_AES_SETKEY_DEC_ALT */ + (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ /* * Forward tables @@ -220,7 +220,7 @@ static const uint32_t FT3[256] = { FT }; #undef FT -#if !defined(MBEDTLS_AES_DECRYPT_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /* * Reverse S-box */ @@ -259,7 +259,7 @@ static const unsigned char RSb[256] = 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D }; -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /* * Reverse tables @@ -331,7 +331,8 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) #define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; @@ -352,8 +353,8 @@ static const uint32_t RT3[256] = { RT }; #undef V #endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #undef RT 
@@ -375,10 +376,10 @@ static const uint32_t RCON[10] = * Forward S-box & tables */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) static unsigned char FSb[256]; #endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - !MBEDTLS_AES_SETKEY_DEC_ALT */ + (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) 
@@ -391,23 +392,27 @@ static uint32_t FT3[256]; /* * Reverse S-box & tables */ - -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static unsigned char RSb[256]; -#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) +#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static unsigned char RSb[256]; -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY*/ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static uint32_t RT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* 
@@ -452,9 +457,11 @@ static void aes_gen_tables(void) * generate the forward and reverse S-boxes */ FSb[0x00] = 0x63; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) RSb[0x63] = 0x00; -#endif +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; @@ -466,9 +473,11 @@ static void aes_gen_tables(void) x ^= y ^ 0x63; FSb[i] = x; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) RSb[x] = (unsigned char) i; -#endif +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ } /* @@ -490,7 +499,8 @@ static void aes_gen_tables(void) FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) x = RSb[i]; RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ @@ -503,7 +513,8 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ } } 
@@ -586,8 +597,8 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) #define MAY_NEED_TO_ALIGN #endif -#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) +#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) static unsigned mbedtls_aes_rk_offset(uint32_t *buf) { #if defined(MAY_NEED_TO_ALIGN) @@ -624,8 +635,8 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) return 0; } -#endif /* MAY_NEED_TO_ALIGN || !MBEDTLS_AES_SETKEY_DEC_ALT || - !MBEDTLS_AES_SETKEY_ENC_ALT */ +#endif /* MAY_NEED_TO_ALIGN || !MBEDTLS_AES_SETKEY_ENC_ALT || + (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ /* * AES key schedule (encryption) @@ -741,7 +752,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, /* * AES key schedule (decryption) */ -#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -810,7 +821,7 @@ exit: return ret; } -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys(const unsigned char *key, @@ -999,7 +1010,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, /* * AES-ECB block decryption */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) 
@@ -1056,7 +1067,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MAY_NEED_TO_ALIGN) /* VIA Padlock and our intrinsics-based implementation of AESNI require @@ -1113,13 +1124,16 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (mode == MBEDTLS_AES_ENCRYPT) { return mbedtls_internal_aes_encrypt(ctx, input, output); } else { return mbedtls_internal_aes_decrypt(ctx, input, output); } +#else + return mbedtls_internal_aes_encrypt(ctx, input, output); #endif - +#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -1545,6 +1559,7 @@ exit: * * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static const unsigned char aes_test_ecb_dec[][16] = { { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, @@ -1556,6 +1571,7 @@ static const unsigned char aes_test_ecb_dec[][16] = 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } #endif }; +#endif static const unsigned char aes_test_ecb_enc[][16] = { @@ -1937,7 +1953,7 @@ int mbedtls_aes_self_test(int verbose) */ { static const int num_tests = - sizeof(aes_test_ecb_dec) / sizeof(*aes_test_ecb_dec); + sizeof(aes_test_ecb_enc) / sizeof(*aes_test_ecb_enc); for (i = 0; i < num_tests << 1; i++) { u = i >> 1; 
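Review bot: With MBEDTLS_CIPHER_ENCRYPT_ONLY defined, the `#else` branch added to mbedtls_aes_crypt_ecb encrypts whatever `mode` the caller passed, so a request for MBEDTLS_AES_DECRYPT returns success with an encrypted block instead of failing. A caller that still reaches this path with a decrypt request gets wrong output and no error to act on. Reject the unsupported direction before the call, for example `if (mode != MBEDTLS_AES_ENCRYPT) { return MBEDTLS_ERR_AES_BAD_INPUT_DATA; }`. The same silent fallback appears in mbedtls_aesce_crypt_ecb and in the intrinsics version of mbedtls_aesni_crypt_ecb in the following commits, where `(void) mode;` discards the argument. The function body starts outside this hunk, so any earlier validation of `mode` is not visible here.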
@@ -1948,13 +1964,24 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); } +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (mode == MBEDTLS_AES_DECRYPT) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } + continue; + } +#endif memset(buf, 0, 16); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (mode == MBEDTLS_AES_DECRYPT) { ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_ecb_dec[u]; - } else { + } else +#endif + { ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); aes_tests = aes_test_ecb_enc[u]; } From 590c9b7abe3aa447ce826f6b7384f731994a1bf3 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 15:40:23 +0800 Subject: [PATCH 04/61] AESCE: add macro guard of CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- library/aesce.c | 9 +++++++++ library/aesce.h | 2 ++ 2 files changed, 11 insertions(+) diff --git a/library/aesce.c b/library/aesce.c index 6f75a67d7..650f75fb9 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -199,6 +199,7 @@ rounds_10: /* Two rounds of AESCE decryption */ #define AESCE_DECRYPT_ROUND_X2 AESCE_DECRYPT_ROUND; AESCE_DECRYPT_ROUND +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static uint8x16_t aesce_decrypt_block(uint8x16_t block, unsigned char *keys, int rounds) @@ -230,6 +231,7 @@ rounds_10: return block; } +#endif /* * AES-ECB block en(de)cryption @@ -242,11 +244,16 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (mode == MBEDTLS_AES_ENCRYPT) { block = aesce_encrypt_block(block, keys, ctx->nr); } else { block = aesce_decrypt_block(block, keys, ctx->nr); } +#else + (void) mode; + block = aesce_encrypt_block(block, keys, ctx->nr); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ vst1q_u8(&output[0], block); return 0; 
@@ -255,6 +262,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, /* * Compute decryption round keys from encryption round keys */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) @@ -269,6 +277,7 @@ void mbedtls_aesce_inverse_key(unsigned char *invkey, vst1q_u8(invkey + i * 16, vld1q_u8(fwdkey + j * 16)); } +#endif static inline uint32_t aes_rot_word(uint32_t word) { diff --git a/library/aesce.h b/library/aesce.h index 735c8cfad..ccc0fd3e5 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -102,6 +102,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], const unsigned char b[16]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -113,6 +114,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Internal key expansion for encryption From 380be5af3a1f81771973225f886b2fe2a19b0b95 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 15:40:34 +0800 Subject: [PATCH 05/61] AESNI: add macro guard of CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- library/aesni.c | 33 +++++++++++++++++++++++++-------- library/aesni.h | 2 ++ 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/library/aesni.c b/library/aesni.c index 5f25a8249..f7c99df51 100644 --- a/library/aesni.c +++ b/library/aesni.c 
@@ -93,21 +93,32 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; - if (mode == 0) { - while (nr != 0) { - state = _mm_aesdec_si128(state, *rk); - ++rk; - --nr; - } - state = _mm_aesdeclast_si128(state, *rk); - } else { +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (mode == MBEDTLS_AES_ENCRYPT) { while (nr != 0) { state = _mm_aesenc_si128(state, *rk); ++rk; --nr; } state = _mm_aesenclast_si128(state, *rk); + } else { + while (nr != 0) { + state = _mm_aesdec_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesdeclast_si128(state, *rk); } +#else + (void) mode; + while (nr != 0) { + + state = _mm_aesenc_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesenclast_si128(state, *rk); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ memcpy(output, &state, 16); return 0; @@ -217,6 +228,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { @@ -229,6 +241,7 @@ void mbedtls_aesni_inverse_key(unsigned char *invkey, } *ik = *fk; } +#endif /* * Key expansion, 128-bit case @@ -455,6 +468,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key AESENCLAST(xmm1_xmm0) // last round +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) "jmp 3f \n\t" "2: \n\t" // decryption loop @@ -465,6 +479,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key AESDECLAST(xmm1_xmm0) // last round +#endif "3: \n\t" "movdqu %%xmm0, (%4) \n\t" // export output @@ -591,6 +606,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { 
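Review bot: In the assembly version of mbedtls_aesni_crypt_ecb, the new guard removes the `2:` decryption label and the `jmp 3f` when MBEDTLS_CIPHER_ENCRYPT_ONLY is defined, but the instruction that selects the decryption loop sits above the hunk and is not guarded by this change. If it still branches to `2f`, the encrypt-only build of this path will presumably fail to assemble or bind to an unrelated later `2:` label, so the mode test and that branch need the same `#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)` guard. The new `#endif` here would also read better with the trailing `/* !MBEDTLS_CIPHER_ENCRYPT_ONLY */` comment that the intrinsics hunk uses.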
@@ -610,6 +626,7 @@ void mbedtls_aesni_inverse_key(unsigned char *invkey, memcpy(ik, fk, 16); } +#endif /* * Key expansion, 128-bit case diff --git a/library/aesni.h b/library/aesni.h index 332a0f072..15143de83 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -141,6 +141,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], const unsigned char a[16], const unsigned char b[16]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -155,6 +156,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Internal key expansion for encryption From 67208fdba85a431776570f148a7cc65dff8aac95 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 15 May 2023 18:02:46 +0800 Subject: [PATCH 06/61] PSA: auto-enable CIPHER_ENCRYPT_ONLY if cipher-decrypt is not needed Some cipher modes use cipher-encrypt to encrypt and decrypt. (E.g: ECB, CBC). This commit adds support to automatically enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't need cipher_decrypt. Signed-off-by: Yanray Wang --- include/mbedtls/config_psa.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 3b30c0277..f558ed82b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
@@ -598,6 +598,19 @@ #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ +/* + * ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions. + * CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested + * via the PSA API. + * + * Note: XTS is not yet supported via the PSA API in Mbed TLS. + */ +#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ + !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ + !defined(PSA_WANT_ALG_CBC_PKCS7) +#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 +#endif + #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_ECP_DP_BP256R1_ENABLED From a8ac23a758c82924de78a30cf469a9150b280bcb Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 15 May 2023 18:03:10 +0800 Subject: [PATCH 07/61] all.sh: add test case for CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8e978ac72..fea4e0f1f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
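Review bot: The condition that defines MBEDTLS_CIPHER_ENCRYPT_ONLY looks only at `PSA_WANT_ALG_*`, so a configuration that leaves legacy MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS or MBEDTLS_NIST_KW_C enabled still gets the decrypt direction removed; the all.sh component in the next commit has to unset those three by hand. Because the AES ECB entry points in this series then encrypt regardless of `mode`, such a build could produce wrong plaintext rather than fail to compile. Extend the condition with `!defined(MBEDTLS_CIPHER_MODE_CBC) && !defined(MBEDTLS_CIPHER_MODE_XTS) && !defined(MBEDTLS_NIST_KW_C)`, or reject the combination with an `#error`. Wrapping the `#define` in `#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)` would also avoid a possible redefinition warning when a user sets the option directly.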
@@ -4166,6 +4166,29 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } +component_test_cipher_encrypt_only () { + msg "build: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPHER_ENCRYPT_ONLY" + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + + make CC=gcc CFLAGS="-Werror -Wall -Wextra -I '$PWD' \ + -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + make test + + msg "selftest: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + programs/test/selftest + + rm -f psa_cipher_encrypt_only.h +} + component_test_ctr_drbg_aes_256_sha_256 () { msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" scripts/config.py full From 9141ad12239f98fdbb866aad25bd12a2bdffe861 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 24 Aug 2023 14:53:16 +0800 Subject: [PATCH 08/61] aria/camellia/des: guard setkey_dec by CIPHER_ENCRYPT_ONLY This is a pre-step to remove *setkey_dec_func in cipher_wrap ctx when CIPHER_ENCRYPT_ONLY is enabled. Signed-off-by: Yanray Wang --- include/mbedtls/aria.h | 2 ++ include/mbedtls/camellia.h | 2 ++ include/mbedtls/des.h | 6 ++++++ library/aria.c | 8 ++++++++ library/camellia.c | 16 +++++++++++++++- library/des.c | 21 +++++++++++++++++++++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 7e55df7ec..e725ea044 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
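Review bot: component_test_cipher_encrypt_only never checks that MBEDTLS_CIPHER_ENCRYPT_ONLY actually took effect, so the component keeps passing if the implicit enabling in config_psa.h stops working; a check after the build that `mbedtls_aes_setkey_dec` is absent from the built library would pin the behaviour under test. The config fragment is created with `>>` and `rm -f psa_cipher_encrypt_only.h` is only reached when every earlier step succeeds, so a failed run may leave a file that the next run appends to; writing the first line with `>` avoids that. The two later `msg` strings spell the option `CIPER_ENCRYPT_ONLY`.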
@@ -110,6 +110,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief This function sets the decryption key. * @@ -128,6 +129,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief This function performs an ARIA single-block encryption or diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 8033c13ff..74a8e3434 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -93,6 +93,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Perform a CAMELLIA key schedule operation for decryption. * @@ -108,6 +109,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index f445102d9..f10ac90d7 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -182,6 +182,7 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief DES key schedule (56-bit, decryption) * 
@@ -196,6 +197,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (112-bit, encryption) @@ -213,6 +215,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (112-bit, decryption) * @@ -228,6 +231,7 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (168-bit, encryption) @@ -245,6 +249,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (168-bit, decryption) * @@ -260,6 +265,7 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief DES-ECB block encryption/decryption diff --git a/library/aria.c b/library/aria.c index 098036225..0bd489e68 100644 --- a/library/aria.c +++ b/library/aria.c @@ -425,6 +425,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, /* * Set decryption key */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -454,6 +455,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, return 0; } +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /* * Encrypt a block 
@@ -884,12 +886,18 @@ int mbedtls_aria_self_test(int verbose) /* test ECB decryption */ if (verbose) { mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + mbedtls_printf("skipped\n"); +#endif } + +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i); mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk); ARIA_SELF_TEST_ASSERT( memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE) != 0); +#endif } if (verbose) { mbedtls_printf("\n"); diff --git a/library/camellia.c b/library/camellia.c index 409727d04..634978294 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -411,6 +411,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, /* * Camellia key schedule (decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits) @@ -456,6 +457,7 @@ exit: return ret; } +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /* * Camellia-ECB block encryption/decryption @@ -900,14 +902,26 @@ int mbedtls_camellia_self_test(int verbose) (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); } +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } + continue; + } +#endif + for (i = 0; i < CAMELLIA_TESTS_ECB; i++) { memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (v == MBEDTLS_CAMELLIA_DECRYPT) { mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); memcpy(src, camellia_test_ecb_cipher[u][i], 16); memcpy(dst, camellia_test_ecb_plain[i], 16); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + } else +#endif + { /* MBEDTLS_CAMELLIA_ENCRYPT */ mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64); memcpy(src, camellia_test_ecb_plain[i], 16); memcpy(dst, camellia_test_ecb_cipher[u][i], 16); 
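Review bot: In the ECB loop of mbedtls_camellia_self_test (library/camellia.c) the `} else` that straddles the added `#endif` is hard to read and easy to break. In an encrypt-only build the `else` disappears and the following braces become a bare block. The `continue` added earlier in the same hunk already keeps `v == MBEDTLS_CAMELLIA_DECRYPT` out of this loop in that configuration, so the inner guard exists only to compile out the call to `mbedtls_camellia_setkey_dec`. I would say so in the source by closing with `#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */` and adding a short comment above the block such as `/* decrypt iterations are skipped above when MBEDTLS_CIPHER_ENCRYPT_ONLY is set */`. The function starts and ends outside the hunk.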
diff --git a/library/des.c b/library/des.c index eaddf282a..a6a6b2fb8 100644 --- a/library/des.c +++ b/library/des.c @@ -483,6 +483,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE /* * DES key schedule (56-bit, decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; @@ -496,6 +497,7 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE return 0; } +#endif static void des3_set2key(uint32_t esk[96], uint32_t dsk[96], @@ -538,6 +540,7 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (112-bit, decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { @@ -548,6 +551,7 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, return 0; } +#endif static void des3_set3key(uint32_t esk[96], uint32_t dsk[96], @@ -588,6 +592,7 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (168-bit, decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { @@ -598,6 +603,7 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, return 0; } +#endif /* * DES-ECB block encryption/decryption 
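Review bot: The three `#endif` lines added in library/des.c (after mbedtls_des_setkey_dec, mbedtls_des3_set2key_dec and mbedtls_des3_set3key_dec) are bare, while the guards this patch adds to the DES header close with `#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */`. Each guard spans a whole function, so the closing line is far from its `#if`; I would write `#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */` here as well. The `#if` also sits below the `/* ... key schedule (..., decryption) */` comment, which leaves that comment without a function in an encrypt-only build; moving the `#if` above the comment, as the header hunks do, would keep the two together.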
@@ -869,28 +875,43 @@ int mbedtls_des_self_test(int verbose) (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); } +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (v == MBEDTLS_DES_DECRYPT) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } + continue; + } +#endif + memcpy(buf, des3_test_buf, 8); switch (i) { +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 0: ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); break; +#endif case 1: ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); break; +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 2: ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); break; +#endif case 3: ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); break; +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 4: ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); break; +#endif case 5: ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); From db9b3095fb60f01cb8965d4c6f44c22b938d5271 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 24 Aug 2023 15:47:53 +0800 Subject: [PATCH 09/61] cipher_wrap: remove *setkey_dec_func in CIPHER_ENCRYPT_ONLY There is no need to set decrypt key under CIPHER_ENCRYPT_ONLY, so we can remove *setkey_dec_func from ctx to save extra code size. Signed-off-by: Yanray Wang --- library/cipher.c | 5 +++++ library/cipher_wrap.c | 42 ++++++++++++++++++++++++++++++++++++++++++ library/cipher_wrap.h | 2 ++ 3 files changed, 49 insertions(+) diff --git a/library/cipher.c b/library/cipher.c index de7f8378e..cefd9e125 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -396,6 +396,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, ctx->key_bitlen = key_bitlen; ctx->operation = operation; +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /* * For OFB, CFB and CTR mode always use the encryption key schedule */ 
@@ -413,6 +414,10 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, } return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; +#else + return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, + ctx->key_bitlen); +#endif } int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 6ab2f5f13..20bb9847d 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -238,11 +238,13 @@ static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen); } +#endif static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -291,7 +293,9 @@ static const mbedtls_cipher_base_t aes_info = { NULL, #endif aes_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) aes_setkey_dec_wrap, +#endif aes_ctx_alloc, aes_ctx_free }; @@ -587,7 +591,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif gcm_aes_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) gcm_aes_setkey_wrap, +#endif gcm_ctx_alloc, gcm_ctx_free, }; @@ -656,7 +662,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif ccm_aes_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) ccm_aes_setkey_wrap, +#endif ccm_ctx_alloc, ccm_ctx_free, }; 
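Review bot: In the `#else` branch added to mbedtls_cipher_setkey (library/cipher.c) the `operation` argument is no longer checked. With MBEDTLS_CIPHER_ENCRYPT_ONLY defined, a call passing MBEDTLS_DECRYPT or any other value stores it in `ctx->operation`, loads the encryption key schedule through `setkey_enc_func` and returns that result, whereas the other branch ends in `return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;`. A caller asking for decryption in a mode that needs the decryption schedule would then see key setup succeed and get wrong output later, instead of an error at the point of misuse. I would leave the existing encrypt/stream-mode test outside the conditional and compile out only the `setkey_dec_func` branch, so every other request still reaches the error return. The lines between the two cipher.c hunks are not visible here, so the exact placement of the `#if` has to be checked against the full function body.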
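Review bot: The `mbedtls_cipher_base_t` tables in library/cipher_wrap.c are positional initializers, so removing the second setkey entry under `#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)` is only correct while every table and the struct in cipher_wrap.h carry the same guard. This applies to `aes_info` here and to the other `*_info` tables in the following hunks. A table this patch does not touch (whether one exists cannot be seen from these hunks) would, in an encrypt-only build, shift its remaining entries by one slot and put a setkey pointer where `ctx_alloc_func` is expected, which some compilers report only as a warning. Designated initializers such as `.setkey_enc_func = aes_setkey_enc_wrap,` would make the tables independent of field order. Failing that, I would add a comment on the struct field, `/* every initializer in cipher_wrap.c must guard this entry the same way */`, to record the coupling.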
@@ -769,11 +777,13 @@ static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen); } +#endif static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -823,7 +833,9 @@ static const mbedtls_cipher_base_t camellia_info = { NULL, #endif camellia_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) camellia_setkey_dec_wrap, +#endif camellia_ctx_alloc, camellia_ctx_free }; @@ -996,7 +1008,9 @@ static const mbedtls_cipher_base_t gcm_camellia_info = { NULL, #endif gcm_camellia_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) gcm_camellia_setkey_wrap, +#endif gcm_ctx_alloc, gcm_ctx_free, }; @@ -1065,7 +1079,9 @@ static const mbedtls_cipher_base_t ccm_camellia_info = { NULL, #endif ccm_camellia_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) ccm_camellia_setkey_wrap, +#endif ccm_ctx_alloc, ccm_ctx_free, }; @@ -1179,11 +1195,13 @@ static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen); } +#endif static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1233,7 +1251,9 @@ static const mbedtls_cipher_base_t aria_info = { NULL, #endif aria_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) aria_setkey_dec_wrap, +#endif aria_ctx_alloc, aria_ctx_free }; 
@@ -1406,7 +1426,9 @@ static const mbedtls_cipher_base_t gcm_aria_info = { NULL, #endif gcm_aria_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) gcm_aria_setkey_wrap, +#endif gcm_ctx_alloc, gcm_ctx_free, }; @@ -1475,7 +1497,9 @@ static const mbedtls_cipher_base_t ccm_aria_info = { NULL, #endif ccm_aria_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) ccm_aria_setkey_wrap, +#endif ccm_ctx_alloc, ccm_ctx_free, }; @@ -1583,6 +1607,7 @@ static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t } #endif /* MBEDTLS_CIPHER_MODE_CBC */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1590,6 +1615,7 @@ static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key); } +#endif static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1599,6 +1625,7 @@ static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1606,6 +1633,7 @@ static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key); } +#endif static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1615,6 +1643,7 @@ static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { 
@@ -1622,6 +1651,7 @@ static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key); } +#endif static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1692,7 +1722,9 @@ static const mbedtls_cipher_base_t des_info = { NULL, #endif des_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) des_setkey_dec_wrap, +#endif des_ctx_alloc, des_ctx_free }; @@ -1743,7 +1775,9 @@ static const mbedtls_cipher_base_t des_ede_info = { NULL, #endif des3_set2key_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) des3_set2key_dec_wrap, +#endif des3_ctx_alloc, des3_ctx_free }; @@ -1794,7 +1828,9 @@ static const mbedtls_cipher_base_t des_ede3_info = { NULL, #endif des3_set3key_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) des3_set3key_dec_wrap, +#endif des3_ctx_alloc, des3_ctx_free }; @@ -1895,7 +1931,9 @@ static const mbedtls_cipher_base_t chacha20_base_info = { chacha20_stream_wrap, #endif chacha20_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) chacha20_setkey_wrap, +#endif chacha20_ctx_alloc, chacha20_ctx_free }; @@ -1970,7 +2008,9 @@ static const mbedtls_cipher_base_t chachapoly_base_info = { NULL, #endif chachapoly_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) chachapoly_setkey_wrap, +#endif chachapoly_ctx_alloc, chachapoly_ctx_free }; @@ -2038,7 +2078,9 @@ static const mbedtls_cipher_base_t null_base_info = { null_crypt_stream, #endif null_setkey, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) null_setkey, +#endif null_ctx_alloc, null_ctx_free }; diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index c85a4efa8..2cbc21671 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h 
@@ -93,9 +93,11 @@ struct mbedtls_cipher_base_t { int (*setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** Set key for decryption purposes */ int (*setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); +#endif /** Allocate a new context */ void * (*ctx_alloc_func)(void); From d7058b0a351de110ff934da4f5b642f3340bff1d Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 24 Aug 2023 15:50:38 +0800 Subject: [PATCH 10/61] dh_client: removed under CIPHER_ENCRYPT_ONLY dh_client requests AES-ECB to do decryption. So it needs to be removed under CIPHER_ENCRYPT_ONLY. Signed-off-by: Yanray Wang --- programs/pkey/dh_client.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 5a2c30fc2..9dd38bc6e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -56,6 +56,13 @@ int main(void) "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); mbedtls_exit(0); } + +#elif defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +int main(void) +{ + mbedtls_printf("MBEDTLS_CIPHER_ENCRYPT_ONLY implicitly defined.\n"); + mbedtls_exit(0); +} #else From 85c3023c60f91d93ef0c9d17a136d89022fb4c11 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 16 May 2023 10:07:56 +0800 Subject: [PATCH 11/61] AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_aes.function | 6 +- tests/suites/test_suite_cipher.aes.data | 116 ++++++++++++------------ 2 files changed, 62 insertions(+), 60 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d495b49ed..2aa27d320 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function 
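Review bot: The message printed by the `main` added to programs/pkey/dh_client.c, `"MBEDTLS_CIPHER_ENCRYPT_ONLY implicitly defined.\n"`, does not tell the user why the program does nothing. The reason is given only in the commit message (the client decrypts with AES-ECB), and the neighbouring stub names the missing modules explicitly. I would word it to match, for example `mbedtls_printf("MBEDTLS_CIPHER_ENCRYPT_ONLY defined: dh_client needs AES-ECB decryption.\n");`. A one-line comment above the `#elif` stating the same dependency would also help whoever later changes the cipher this example uses.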
@@ -6,6 +6,7 @@ * master, enc and dec must be AES context objects. They don't need to * be initialized, and are left freed. */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int test_copy(const data_t *key, mbedtls_aes_context *master, mbedtls_aes_context *enc, @@ -55,6 +56,7 @@ exit: * with alternative implementations. */ return 0; } +#endif /* END_HEADER */ @@ -86,7 +88,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void aes_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { @@ -523,7 +525,7 @@ void aes_misc_params() } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void aes_ecb_copy_context(data_t *key) { /* We test context copying multiple times, with different alignments diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 134970f5f..557d56d29 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
@@ -1595,47 +1595,47 @@ depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0 AES-128-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0 AES-128-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0 AES-128-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0 AES-128-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0 AES-192-ECB Encrypt NIST KAT #1 
@@ -1687,51 +1687,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0 AES-192-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 AES-192-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 AES-192-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 AES-192-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0 AES-192-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0 AES-192-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0 AES-256-ECB Encrypt NIST KAT #1 
@@ -1783,51 +1783,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0 AES-256-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 AES-256-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0 AES-256-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0 AES-256-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 AES-128-ECB crypt Encrypt NIST KAT #1 
@@ -1843,15 +1843,15 @@ depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0:0 AES-128-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Encrypt NIST KAT #1 
@@ -1871,19 +1871,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0:0 AES-192-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0 AES-192-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0:0 AES-256-ECB crypt Encrypt NIST KAT #1 
@@ -1903,19 +1903,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0:0 AES-256-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0:0 AES-256-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0 AES-128-CBC crypt Encrypt NIST KAT #1 
@@ -2127,19 +2127,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 AES-128-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 AES-192-ECB crypt Encrypt NIST KAT #1 PSA 
@@ -2159,19 +2159,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 AES-192-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #4 PSA 
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 AES-256-ECB crypt Encrypt NIST KAT #1 PSA 
@@ -2191,19 +2191,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 AES-256-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 From 702c220809317760ec9783406c41411f14e2e547 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 11:20:26 +0800 Subject: [PATCH 12/61] aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_aria.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 579dddf3b..ab1ce00ec 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -86,7 +86,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *expected_output, int setkey_result) { From ba473b1c827a253a30bc93ac9983a3adc8d99812 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 11:24:14 +0800 Subject: [PATCH 13/61] camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_camellia.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 1cef97a9f..8454c5ffe 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -67,7 +67,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void camellia_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { From 3c565275c48f1ffc00b5854b1cfecb4dfeacf844 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 11:27:09 +0800 Subject: [PATCH 14/61] des: add CIPHER_ENCRYPT_ONLY dependency for test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_cipher.des.data | 10 +++++----- tests/suites/test_suite_des.function | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 77f7515b9..2ab7fe7f1 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data @@ -575,15 +575,15 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_ENCRYPT:"FEDCBA9876543210":"0123456789ABCDEF":"ED39D950FA74BCC4":0 DES ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"0000000000000000":"8CA64DE9C1B123A7":"0000000000000000":0 DES ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF":"7359B2163E4EDC58":"FFFFFFFFFFFFFFFF":0 DES ECB Decrypt test vector (OpenSSL) #3 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"43297FAD38E373FE":"EA676B2CB7DB2B7A":"762514B829BF486A":0 DES3-EDE ECB Encrypt test vector (OpenSSL) #1 
@@ -595,9 +595,9 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_ENCRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"FFFFFFFFFFFFFFFF":"199E9D6DF39AA816":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"0000000000000000FFFFFFFFFFFFFFFF":"9295B59BB384736E":"0000000000000000":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"199E9D6DF39AA816":"FFFFFFFFFFFFFFFF":0 diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index b846d777a..61ec8b8dc 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -34,7 +34,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void des_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst) { unsigned char output[100]; @@ -133,7 +133,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void des3_decrypt_ecb(int key_count, data_t *key_str, data_t *src_str, data_t *dst) { From 72d7bb4bca913a5ef46f3b992e1a9416ea2cfc39 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 30 Aug 2023 13:58:15 +0800 Subject: [PATCH 15/61] check_config.h: add checks for CIPHER_ENCRYPT_ONLY MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is automatically enabled via the PSA. Typically, once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled, MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used to prevent user explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY. In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled. Since three of them always need AES-decrypt. 
Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 8 ++++++++ include/mbedtls/config_psa.h | 13 ++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ca267bdd8..c64e9c3de 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -84,6 +84,14 @@ #error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) && \ + (!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \ + (defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_XTS) || \ + defined(MBEDTLS_NIST_KW_C))) +#error "MBEDTLS_CIPHER_ENCRYPT_ONLY defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index f558ed82b..9d68a3428 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -599,15 +599,18 @@ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ /* - * ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions. - * CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested - * via the PSA API. + * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions. + * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes + * are not requested via the PSA API and are not enabled in the legacy API. * - * Note: XTS is not yet supported via the PSA API in Mbed TLS. + * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. */ #if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - !defined(PSA_WANT_ALG_CBC_PKCS7) + !defined(PSA_WANT_ALG_CBC_PKCS7) && \ + !defined(MBEDTLS_CIPHER_MODE_CBC) && \ + !defined(MBEDTLS_CIPHER_MODE_XTS) && \ + !defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 #endif 
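Review bot: The new check in check_config.h does not reject `MBEDTLS_CIPHER_ENCRYPT_ONLY` together with `PSA_WANT_ALG_ECB_NO_PADDING`, although the config_psa.h comment in the same commit lists ECB among the modes that need both directions. A user who defines the macro by hand with `MBEDTLS_PSA_CRYPTO_CONFIG` set and ECB requested through PSA would, as far as these two hunks show, pass the check and get a build without the decrypt direction. I would add `defined(PSA_WANT_ALG_ECB_NO_PADDING) || \` to the inner list, and the two PSA CBC macros as well unless they always imply `MBEDTLS_CIPHER_MODE_CBC`. The message could also say what is wrong, e.g. `#error "MBEDTLS_CIPHER_ENCRYPT_ONLY is internal and cannot be combined with ECB, CBC, XTS or NIST_KW"`.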
From dbcc0c61721f67feabac1c36f3413fb489be8e53 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 30 Aug 2023 15:04:01 +0800 Subject: [PATCH 16/61] aes: define internal macro to simplify #if Directive No semantic changes, only yo simplify #if Directive with introduction of MBEDTLS_AES_NEED_FORWARD_S_BOXES and MBEDTLS_AES_NEED_REVERSE_TABLES. Signed-off-by: Yanray Wang --- library/aes.c | 66 ++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 37 deletions(-) diff --git a/library/aes.c b/library/aes.c index b604cb75c..da0ab3239 100644 --- a/library/aes.c +++ b/library/aes.c @@ -75,6 +75,16 @@ #include "mbedtls/platform.h" +#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) +#define MBEDTLS_AES_NEED_FORWARD_S_BOXES +#endif + +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#define MBEDTLS_AES_NEED_REVERSE_TABLES +#endif + #if !defined(MBEDTLS_AES_ALT) #if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) @@ -85,8 +95,7 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) +#if defined(MBEDTLS_AES_NEED_FORWARD_S_BOXES) static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, @@ -122,8 +131,7 @@ static const unsigned char FSb[256] = 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; -#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ +#endif /* MBEDTLS_AES_NEED_FORWARD_S_BOXES */ /* * Forward tables 
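Review bot: `MBEDTLS_AES_NEED_FORWARD_S_BOXES` and `MBEDTLS_AES_NEED_REVERSE_TABLES` are introduced in the -75 hunk without a comment, and with the `MBEDTLS_` prefix they read like configuration options rather than file-local helpers. A line such as `/* Internal to aes.c, not a configuration option: set when the built-in code needs FSb. */` above the first definition, and the equivalent for the RT tables above the second, would make that clear. Both are defined before `#if !defined(MBEDTLS_AES_ALT)`, so they are set even when the whole built-in implementation is replaced; if nothing outside that block uses them, they are better placed inside it. The plural `S_BOXES` guards only `FSb` in the hunks shown, so `MBEDTLS_AES_NEED_FORWARD_S_BOX` may be the more accurate name.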
@@ -331,8 +339,7 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) #define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; @@ -353,8 +360,7 @@ static const uint32_t RT3[256] = { RT }; #undef V #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ #undef RT @@ -375,11 +381,9 @@ static const uint32_t RCON[10] = /* * Forward S-box & tables */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) +#if defined(MBEDTLS_AES_NEED_FORWARD_S_BOXES) static unsigned char FSb[256]; -#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ +#endif #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) 
@@ -392,27 +396,21 @@ static uint32_t FT3[256]; /* * Reverse S-box & tables */ -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) || \ + !defined(MBEDTLS_AES_DECRYPT_ALT) static unsigned char RSb[256]; -#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) -static unsigned char RSb[256]; -#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY*/ -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) static uint32_t RT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* @@ -457,11 +455,9 @@ static void aes_gen_tables(void) * generate the forward and reverse S-boxes */ FSb[0x00] = 0x63; -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) RSb[0x63] = 0x00; -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; 
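Review bot: `RSb` is declared under a different condition from the one that guards its use. The -457 hunk writes `RSb[0x63]` under `MBEDTLS_AES_NEED_REVERSE_TABLES`, while the declaration in the -392 hunk keeps `(!SETKEY_ENC_ALT && !SETKEY_DEC_ALT) || !DECRYPT_ALT`; with `MBEDTLS_AES_DECRYPT_ALT` and `MBEDTLS_AES_SETKEY_ENC_ALT` defined and `MBEDTLS_AES_SETKEY_DEC_ALT` undefined, the write is compiled and the array is not. The mismatch predates this commit, and a guard around `aes_gen_tables` outside the hunk may mask it. Since the new macro is true in every configuration where the old declaration condition was, the declaration could become `#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES)`, `static unsigned char RSb[256];`, `#endif`. The -473 and -499 hunks use `RSb` under the same macro.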
@@ -473,11 +469,9 @@ static void aes_gen_tables(void) x ^= y ^ 0x63; FSb[i] = x; -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) RSb[x] = (unsigned char) i; -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif } /* @@ -499,8 +493,7 @@ static void aes_gen_tables(void) FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) x = RSb[i]; RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ @@ -513,8 +506,7 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ } } From 207c991d56ad9849e55a5e5ba9196f38d065d8ee Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 31 Aug 2023 11:42:49 +0800 Subject: [PATCH 17/61] all.sh: ciper_encrypt_only: cover AESNI and C Implementation Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fea4e0f1f..4d6ec30b5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4166,8 +4166,8 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -component_test_cipher_encrypt_only () { - msg "build: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPHER_ENCRYPT_ONLY" +component_test_cipher_encrypt_only_aesni () { + # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS 
@@ -4177,13 +4177,43 @@ component_test_cipher_encrypt_only () { echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - make CC=gcc CFLAGS="-Werror -Wall -Wextra -I '$PWD' \ - -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # test AESNI intrinsics + scripts/config.py set MBEDTLS_AESNI_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + make clean + make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" make test - msg "selftest: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + programs/test/selftest + + # test AESNI assembly + scripts/config.py set MBEDTLS_AESNI_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + make clean + make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + programs/test/selftest + + # test AES C implementation + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + scripts/config.py unset MBEDTLS_AESNI_C + make clean + make CC=gcc CFLAGS="-Werror -Wall -Wextra \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" programs/test/selftest rm -f 
psa_cipher_encrypt_only.h From bf66ef9085998bc5e97f2734e9bf24b37d737517 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 31 Aug 2023 14:47:01 +0800 Subject: [PATCH 18/61] all.sh: ciper_encrypt_only: cover baremetal build for AESCE Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4d6ec30b5..812942163 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
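Review bot: Nothing in `component_test_cipher_encrypt_only_aesni` asserts that `MBEDTLS_CIPHER_ENCRYPT_ONLY` actually took effect; each of the three variants only builds, runs `make test` and runs the selftest. Because the macro is enabled implicitly, a configuration default that leaves one decrypt-needing mode on would give an ordinary two-direction build, and the component would still pass. After each `make` I would check that the decrypt key schedule is absent, e.g. `not grep mbedtls_aes_setkey_dec library/aes.o`, assuming all.sh's `not` helper and the in-tree object path apply here. The same gap applies to the components added in the two following commits (`..._aesce_armcc` and `..._aesni_m32`).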
@@ -4219,6 +4219,45 @@ component_test_cipher_encrypt_only_aesni () { rm -f psa_cipher_encrypt_only.h } +support_test_cipher_encrypt_only_aesce_armcc () { + armc6_cc="$ARMC6_BIN_DIR/armclang" + (check_tools "$armc6_cc" > /dev/null 2>&1) +} + +component_test_cipher_encrypt_only_aesce_armcc () { + scripts/config.py baremetal + + # armc[56] don't support SHA-512 intrinsics + scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + + # Stop armclang warning about feature detection for A64_CRYPTO. + # With this enabled, the library does build correctly under armclang, + # but in baremetal builds (as tested here), feature detection is + # unavailable, and the user is notified via a #warning. So enabling + # this feature would prevent us from building with -Werror on + # armclang. Tracked in #7198. + scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + scripts/config.py set MBEDTLS_HAVE_ASM + + # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + + # test AESCE baremetal build + scripts/config.py set MBEDTLS_AESCE_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESCE" + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + rm -f psa_cipher_encrypt_only.h +} + component_test_ctr_drbg_aes_256_sha_256 () { msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" scripts/config.py full From 782190417c5a7755eed60ac70bb8665a28506ffe Mon Sep 17 00:00:00 2001 
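Review bot: The pre-setup block in `component_test_cipher_encrypt_only_aesce_armcc` is a second copy of the one in `component_test_cipher_encrypt_only_aesni`, and the next commit adds a third in `..._aesni_m32`. The list of modes to switch off has to stay in step with the condition in config_psa.h, so a single helper called from all three components is safer than three copies. The copies also build the header with `>>` only and remove it only on the success path, so a header left behind by an aborted run is appended to rather than replaced. A helper along the following lines, with a name of the project's choosing, covers both points.

```shell
# Shared pre-setup: switch off every mode that needs the decrypt direction,
# so that config_psa.h defines MBEDTLS_CIPHER_ENCRYPT_ONLY implicitly.
helper_cipher_encrypt_only_presetup () {
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
    scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
    scripts/config.py unset MBEDTLS_NIST_KW_C

    # '>' on the first line replaces a header left by an aborted run
    echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >  psa_cipher_encrypt_only.h
    echo '#undef PSA_WANT_ALG_CBC_PKCS7'      >> psa_cipher_encrypt_only.h
    echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h
}

component_test_cipher_encrypt_only_aesce_armcc () {
    scripts/config.py baremetal
    # … unchanged: SHA-512 / SHA-256 A64 crypto unsets, MBEDTLS_HAVE_ASM …
    helper_cipher_encrypt_only_presetup
    # … unchanged: MBEDTLS_AESCE_C, armc6_build_test, rm -f of the header …
```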
From: Yanray Wang Date: Thu, 31 Aug 2023 15:00:57 +0800 Subject: [PATCH 19/61] all.sh: ciper_encrypt_only: cover VIA PADLOCK Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 812942163..4cc67be75 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4219,6 +4219,48 @@ component_test_cipher_encrypt_only_aesni () { rm -f psa_cipher_encrypt_only.h } +component_test_cipher_encrypt_only_aesni_m32 () { + # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + + # test AESNI intrinsics for i386 with VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py set MBEDTLS_PADLOCK_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + programs/test/selftest + + # test AESNI intrinsics for i386 without VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + programs/test/selftest + + rm -f psa_cipher_encrypt_only.h +} + support_test_cipher_encrypt_only_aesce_armcc () { armc6_cc="$ARMC6_BIN_DIR/armclang" (check_tools "$armc6_cc" > /dev/null 2>&1) 
From a6757765c0bc03be51dc83a25b88dcac8db76313 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Sep 2023 18:24:54 +0800 Subject: [PATCH 20/61] Add ChangeLog entry for MBEDTLS_CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- ChangeLog.d/add-cipher-encrypt-only.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/add-cipher-encrypt-only.txt diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt new file mode 100644 index 000000000..1a0181d6d --- /dev/null +++ b/ChangeLog.d/add-cipher-encrypt-only.txt @@ -0,0 +1,6 @@ +Features + * Add support to remove xxx_setkey_dec and xxx_decrypt for cipher type of + AES, ARIA, CAMELLIA and DES. This is achieved by implicitly enabling + MBEDTLS_CIPHER_ENCRYPT_ONLY when + - ECB and CBC cipher modes are not requested via the PSA API. + - ECB, CBC, XTS and KW are not enabled in the legacy API. From 4f4822c55392e19e2ae97e431e30e663e3dde047 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 16:22:01 +0800 Subject: [PATCH 21/61] Revert "des: add CIPHER_ENCRYPT_ONLY dependency for test cases" This reverts commit 3c565275c48f1ffc00b5854b1cfecb4dfeacf844. Signed-off-by: Yanray Wang --- tests/suites/test_suite_cipher.des.data | 10 +++++----- tests/suites/test_suite_des.function | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 2ab7fe7f1..77f7515b9 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data 
@@ -575,15 +575,15 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_ENCRYPT:"FEDCBA9876543210":"0123456789ABCDEF":"ED39D950FA74BCC4":0 DES ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"0000000000000000":"8CA64DE9C1B123A7":"0000000000000000":0 DES ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF":"7359B2163E4EDC58":"FFFFFFFFFFFFFFFF":0 DES ECB Decrypt test vector (OpenSSL) #3 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"43297FAD38E373FE":"EA676B2CB7DB2B7A":"762514B829BF486A":0 DES3-EDE ECB Encrypt test vector (OpenSSL) #1 @@ -595,9 +595,9 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_ENCRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"FFFFFFFFFFFFFFFF":"199E9D6DF39AA816":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"0000000000000000FFFFFFFFFFFFFFFF":"9295B59BB384736E":"0000000000000000":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"199E9D6DF39AA816":"FFFFFFFFFFFFFFFF":0 diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 61ec8b8dc..b846d777a 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function 
@@ -34,7 +34,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE */ void des_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst) { unsigned char output[100]; @@ -133,7 +133,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE */ void des3_decrypt_ecb(int key_count, data_t *key_str, data_t *src_str, data_t *dst) { From 56e27b9938d8357b923f78d772a6753846ddc233 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 16:25:22 +0800 Subject: [PATCH 22/61] des: don't consider DES for CIPHER_ENCRYPT_ONLY We only support ECB and CBC modes for DES. Those two modes require both encrypt and decrypt directions, so we don't consider DES with CIPHER_ENCRYPT_ONLY. Signed-off-by: Yanray Wang --- include/mbedtls/des.h | 6 ------ library/des.c | 21 --------------------- 2 files changed, 27 deletions(-) diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index f10ac90d7..f445102d9 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -182,7 +182,6 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief DES key schedule (56-bit, decryption) * @@ -197,7 +196,6 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (112-bit, encryption) @@ -215,7 +213,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (112-bit, decryption) * 
@@ -231,7 +228,6 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (168-bit, encryption) @@ -249,7 +245,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (168-bit, decryption) * @@ -265,7 +260,6 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief DES-ECB block encryption/decryption diff --git a/library/des.c b/library/des.c index a6a6b2fb8..eaddf282a 100644 --- a/library/des.c +++ b/library/des.c @@ -483,7 +483,6 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE /* * DES key schedule (56-bit, decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; @@ -497,7 +496,6 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE return 0; } -#endif static void des3_set2key(uint32_t esk[96], uint32_t dsk[96], @@ -540,7 +538,6 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (112-bit, decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { @@ -551,7 +548,6 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, return 0; } -#endif static void des3_set3key(uint32_t esk[96], uint32_t dsk[96], 
@@ -592,7 +588,6 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (168-bit, decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { @@ -603,7 +598,6 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, return 0; } -#endif /* * DES-ECB block encryption/decryption @@ -875,43 +869,28 @@ int mbedtls_des_self_test(int verbose) (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); } -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) - if (v == MBEDTLS_DES_DECRYPT) { - if (verbose != 0) { - mbedtls_printf("skipped\n"); - } - continue; - } -#endif - memcpy(buf, des3_test_buf, 8); switch (i) { -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 0: ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); break; -#endif case 1: ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); break; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 2: ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); break; -#endif case 3: ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); break; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 4: ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); break; -#endif case 5: ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); From c5944d4a3c2983831d145508fdf3797a9751107e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 17:58:49 +0800 Subject: [PATCH 23/61] all.sh: fix a typo Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 79f5d97e3..aee68c571 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4215,41 +4215,41 @@ component_test_cipher_encrypt_only_aesni () { # test AESNI intrinsics scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" make clean make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" programs/test/selftest # test AESNI assembly scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" make clean make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" programs/test/selftest # test AES C implementation - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" scripts/config.py unset MBEDTLS_AESNI_C make clean make CC=gcc CFLAGS="-Werror -Wall -Wextra \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" make test 
- msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" programs/test/selftest rm -f psa_cipher_encrypt_only.h @@ -4269,29 +4269,29 @@ component_test_cipher_encrypt_only_aesni_m32 () { # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" make clean make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" programs/test/selftest # test AESNI intrinsics for i386 without VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" make clean make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" programs/test/selftest rm -f psa_cipher_encrypt_only.h 
@@ -4329,7 +4329,7 @@ component_test_cipher_encrypt_only_aesce_armcc () { # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESCE" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESCE" armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" From 3caaf0c61eac1707e15eb027828bad687813c7c2 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 17:50:14 +0800 Subject: [PATCH 24/61] Enable CIPHER_ENCRYPT_ONLY when DES is disabled Signed-off-by: Yanray Wang --- ChangeLog.d/add-cipher-encrypt-only.txt | 1 + include/mbedtls/config_adjust_legacy_crypto.h | 6 ++++++ tests/scripts/all.sh | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt index 1a0181d6d..434c294d2 100644 --- a/ChangeLog.d/add-cipher-encrypt-only.txt +++ b/ChangeLog.d/add-cipher-encrypt-only.txt @@ -4,3 +4,4 @@ Features MBEDTLS_CIPHER_ENCRYPT_ONLY when - ECB and CBC cipher modes are not requested via the PSA API. - ECB, CBC, XTS and KW are not enabled in the legacy API. + - DES is not requested in the PSA API and the legacy API. diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 4480b8cae..c2fbb2432 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h 
@@ -39,14 +39,20 @@ * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes * are not requested via the PSA API and are not enabled in the legacy API. * + * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and + * insecure block cipher, MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled when DES + * is not requested via the PSA API and is not enabled in the legacy API. + * * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ !defined(PSA_WANT_ALG_CBC_PKCS7) && \ + !defined(PSA_WANT_KEY_TYPE_DES) && \ !defined(MBEDTLS_CIPHER_MODE_CBC) && \ !defined(MBEDTLS_CIPHER_MODE_XTS) && \ + !defined(MBEDTLS_DES_C) && \ !defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 #endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index aee68c571..8223a889d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4207,11 +4207,13 @@ component_test_cipher_encrypt_only_aesni () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h # test AESNI intrinsics scripts/config.py set MBEDTLS_AESNI_C 
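Review bot: The two DES terms added to this condition, `!defined(PSA_WANT_KEY_TYPE_DES)` and `!defined(MBEDTLS_DES_C)`, have no counterpart in the prerequisite check in check_config.h, which (as shown later in this series) still rejects only `MBEDTLS_CIPHER_MODE_CBC`, `MBEDTLS_CIPHER_MODE_XTS` and `MBEDTLS_NIST_KW_C`. A configuration that defines the macro by hand while `MBEDTLS_DES_C` is enabled therefore passes the sanity check even though this header would never select that combination. Adding `defined(MBEDTLS_DES_C) || \` to that `#error` condition keeps the two lists in step. The new comment also gives DES being deprecated as the reason, whereas the operative reason appears to be that DES is only offered in ECB and CBC, which need the decrypt direction; saying so would be clearer.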
@@ -4260,11 +4262,13 @@ component_test_cipher_encrypt_only_aesni_m32 () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C @@ -4321,11 +4325,13 @@ component_test_cipher_encrypt_only_aesce_armcc () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C From ef1b04db9485c246723fe5b6f1e3e22b4a85e311 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Sep 2023 11:09:26 +0800 Subject: [PATCH 25/61] all.sh: make sure CIPHER_ENCRYPT_ONLY is enabled in tests grep corresponding mbedtls_xxx_setkey_dec and mbedtls_xxx_decrypt symbols in cipher_only tests to make sure CIPHER_ENCRYPT_ONLY is enabled as expected. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 48 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8223a889d..2107de088 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4210,7 +4210,7 @@ component_test_cipher_encrypt_only_aesni () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h @@ -4222,6 +4222,13 @@ component_test_cipher_encrypt_only_aesni () { make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" make test @@ -4235,6 +4242,13 @@ component_test_cipher_encrypt_only_aesni () { make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" make test 
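Review bot: The `not grep <symbol> library/<file>.o` checks added after each build also succeed when the object file is missing or unreadable, because grep then exits non-zero for a reason other than "no match" (assuming `not` simply inverts the exit status; its definition is outside these hunks). A change in build layout or object naming would quietly turn them into checks that always pass, which defeats their purpose of proving the decrypt code was compiled out. Testing for the file first, e.g. `test -f library/aes.o` ahead of the greps, makes that case fail loudly. The same five lines are repeated in the other build variants of `component_test_cipher_encrypt_only_aesni`, in `component_test_cipher_encrypt_only_aesni_m32` and in `component_test_cipher_encrypt_only_aesce_armcc`; a small helper function called after each build would keep the copies from drifting apart.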
@@ -4248,6 +4262,13 @@ component_test_cipher_encrypt_only_aesni () { make CC=gcc CFLAGS="-Werror -Wall -Wextra \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" make test @@ -4265,7 +4286,7 @@ component_test_cipher_encrypt_only_aesni_m32 () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h @@ -4278,6 +4299,13 @@ component_test_cipher_encrypt_only_aesni_m32 () { make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" make test 
@@ -4292,6 +4320,13 @@ component_test_cipher_encrypt_only_aesni_m32 () { make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" make test @@ -4328,7 +4363,7 @@ component_test_cipher_encrypt_only_aesce_armcc () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h @@ -4339,6 +4374,13 @@ component_test_cipher_encrypt_only_aesce_armcc () { armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + rm -f psa_cipher_encrypt_only.h } From bc7716cddc9021398044fc32f6b115b639035e59 Mon Sep 17 00:00:00 2001 
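Review bot: In `component_test_cipher_encrypt_only_aesce_armcc` the added greps run after `armc6_build_test`, and at this commit that function still ends with `make clean` (the next patch in the series removes it), so `library/aes.o` and the other objects no longer exist when they are inspected. With the files gone grep fails and `not` presumably reports success, so the check verifies nothing at this point in the history. Reordering the two commits, or folding the `armc6_build_test` change into this one, keeps every commit in the series meaningful when bisecting.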
From: Yanray Wang Date: Fri, 8 Sep 2023 11:20:59 +0800 Subject: [PATCH 26/61] all.sh: run make clean before make lib in armc6_build_test We should run make clean before we build libraries in armc6_build_test. On the one hand, this makes sure we do have a clean build directory initially. On the other hand, we can do extra actions after building the library with armc6_build_test. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2107de088..a69f03ffc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -412,13 +412,12 @@ armc6_build_test() FLAGS="$1" msg "build: ARM Compiler 6 ($FLAGS)" + make clean ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-Werror -xc -std=c99' make lib msg "size: ARM Compiler 6 ($FLAGS)" "$ARMC6_FROMELF" -z library/*.o - - make clean } err_msg() @@ -3676,7 +3675,6 @@ component_build_tfm_armcc() { cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, armclang armv7-m thumb2" - make clean armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" } @@ -4853,8 +4851,6 @@ component_build_armcc () { msg "size: ARM Compiler 5" "$ARMC5_FROMELF" -z library/*.o - make clean - # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0. # ARM Compiler 6 - Target ARMv7-A From b67b47425ed1163a3c44bd6ca526b83b44901367 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 17:10:32 +0800 Subject: [PATCH 27/61] Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
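Review bot: `armc6_build_test` now leaves the armclang-built objects in `library/` when it returns, which is a change in the function's contract that nothing in the script documents. A comment above the function such as `# Cleans the tree first, then builds the library; objects are left in place for the caller to inspect.` would tell callers that they can examine the result and must not expect a clean tree afterwards. The function's opening lines are outside the hunk.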
Signed-off-by: Yanray Wang --- ChangeLog.d/add-cipher-encrypt-only.txt | 2 +- include/mbedtls/aes.h | 8 +- include/mbedtls/aria.h | 4 +- include/mbedtls/camellia.h | 4 +- include/mbedtls/check_config.h | 4 +- include/mbedtls/config_adjust_legacy_crypto.h | 6 +- library/aes.c | 18 +-- library/aesce.c | 8 +- library/aesce.h | 4 +- library/aesni.c | 10 +- library/aesni.h | 4 +- library/aria.c | 8 +- library/camellia.c | 8 +- library/cipher.c | 2 +- library/cipher_wrap.c | 42 +++---- library/cipher_wrap.h | 2 +- programs/pkey/dh_client.c | 4 +- tests/suites/test_suite_aes.function | 6 +- tests/suites/test_suite_aria.function | 2 +- tests/suites/test_suite_camellia.function | 2 +- tests/suites/test_suite_cipher.aes.data | 116 +++++++++--------- 21 files changed, 132 insertions(+), 132 deletions(-) diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt index 434c294d2..d56c08da3 100644 --- a/ChangeLog.d/add-cipher-encrypt-only.txt +++ b/ChangeLog.d/add-cipher-encrypt-only.txt @@ -1,7 +1,7 @@ Features * Add support to remove xxx_setkey_dec and xxx_decrypt for cipher type of AES, ARIA, CAMELLIA and DES. This is achieved by implicitly enabling - MBEDTLS_CIPHER_ENCRYPT_ONLY when + MBEDTLS_BLOCK_CIPHER_NO_DECRYPT when - ECB and CBC cipher modes are not requested via the PSA API. - ECB, CBC, XTS and KW are not enabled in the legacy API. - DES is not requested in the PSA API and the legacy API. diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 0780ece3b..c53f817c1 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -167,7 +167,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief This function sets the decryption key. * 
@@ -186,7 +186,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -606,7 +606,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal AES block decryption function. This is only * exposed to allow overriding it using see @@ -622,7 +622,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_SELF_TEST) /** diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index e725ea044..2750840d1 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -110,7 +110,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief This function sets the decryption key. * @@ -129,7 +129,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief This function performs an ARIA single-block encryption or diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 74a8e3434..f9e488dcc 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h 
@@ -93,7 +93,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Perform a CAMELLIA key schedule operation for decryption. * @@ -109,7 +109,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 5de8eb334..c580bf792 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -183,12 +183,12 @@ #error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) && \ +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ (!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \ (defined(MBEDTLS_CIPHER_MODE_CBC) || \ defined(MBEDTLS_CIPHER_MODE_XTS) || \ defined(MBEDTLS_NIST_KW_C))) -#error "MBEDTLS_CIPHER_ENCRYPT_ONLY defined, but not all prerequisites" +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined, but not all prerequisites" #endif #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 2ac522e47..677772126 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h 
@@ -36,11 +36,11 @@ /* * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions. - * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes + * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is only enabled when those modes * are not requested via the PSA API and are not enabled in the legacy API. * * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and - * insecure block cipher, MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled when DES + * insecure block cipher, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled when DES * is not requested via the PSA API and is not enabled in the legacy API. * * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. @@ -54,7 +54,7 @@ !defined(MBEDTLS_CIPHER_MODE_XTS) && \ !defined(MBEDTLS_DES_C) && \ !defined(MBEDTLS_NIST_KW_C) -#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 1 #endif #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/library/aes.c b/library/aes.c index f0a3dc909..940ea0296 100644 --- a/library/aes.c +++ b/library/aes.c @@ -67,7 +67,7 @@ #include "mbedtls/platform.h" #if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif @@ -691,7 +691,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, /* * AES key schedule (decryption) */ -#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) { 
@@ -760,7 +760,7 @@ exit: return ret; } -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys(const unsigned char *key, @@ -949,7 +949,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, /* * AES-ECB block decryption */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) @@ -1006,7 +1006,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* VIA Padlock and our intrinsics-based implementation of AESNI require * the round keys to be aligned on a 16-byte boundary. We take care of this @@ -1061,7 +1061,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { return mbedtls_internal_aes_encrypt(ctx, input, output); } else { @@ -1496,7 +1496,7 @@ exit: * * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static const unsigned char aes_test_ecb_dec[][16] = { { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, 
@@ -1901,7 +1901,7 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); } -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_DECRYPT) { if (verbose != 0) { mbedtls_printf("skipped\n"); @@ -1912,7 +1912,7 @@ int mbedtls_aes_self_test(int verbose) memset(buf, 0, 16); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_DECRYPT) { ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_ecb_dec[u]; diff --git a/library/aesce.c b/library/aesce.c index 46449084a..79c02e367 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -199,7 +199,7 @@ rounds_10: /* Two rounds of AESCE decryption */ #define AESCE_DECRYPT_ROUND_X2 AESCE_DECRYPT_ROUND; AESCE_DECRYPT_ROUND -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static uint8x16_t aesce_decrypt_block(uint8x16_t block, unsigned char *keys, int rounds) @@ -244,7 +244,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { block = aesce_encrypt_block(block, keys, ctx->nr); } else { @@ -253,7 +253,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, #else (void) mode; block = aesce_encrypt_block(block, keys, ctx->nr); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ vst1q_u8(&output[0], block); return 0; 
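Review bot: In `mbedtls_aesce_crypt_ecb` the branch compiled when `MBEDTLS_BLOCK_CIPHER_NO_DECRYPT` is defined discards `mode` with `(void) mode;` and always encrypts, so a caller that passes `MBEDTLS_AES_DECRYPT` receives an encrypted block and a return value of 0. The rename does not introduce this, but it is a silent wrong-result path in a cipher primitive and is worth closing while the guards are being touched. Replacing the cast with `if (mode != MBEDTLS_AES_ENCRYPT) { return MBEDTLS_ERR_AES_BAD_INPUT_DATA; }` would surface the misuse. The AESNI intrinsics path in aesni.c appears to have the same shape and would need the same guard. The function body starts and ends outside these hunks.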
@@ -262,7 +262,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, /* * Compute decryption round keys from encryption round keys */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) diff --git a/library/aesce.h b/library/aesce.h index 25d2b41a7..bda376d51 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -99,7 +99,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], const unsigned char b[16]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -111,7 +111,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief Internal key expansion for encryption diff --git a/library/aesni.c b/library/aesni.c index f7c99df51..0c509acc0 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -93,7 +93,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { while (nr != 0) { state = _mm_aesenc_si128(state, *rk); @@ -118,7 +118,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, --nr; } state = _mm_aesenclast_si128(state, *rk); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ memcpy(output, &state, 16); return 0; 
@@ -228,7 +228,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { @@ -468,7 +468,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key AESENCLAST(xmm1_xmm0) // last round -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) "jmp 3f \n\t" "2: \n\t" // decryption loop @@ -606,7 +606,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { diff --git a/library/aesni.h b/library/aesni.h index d1bfaf6ef..7708c443a 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -129,7 +129,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], const unsigned char a[16], const unsigned char b[16]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -144,7 +144,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief Internal key expansion for encryption diff --git a/library/aria.c b/library/aria.c index 0bd489e68..f09ffe7b2 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -425,7 +425,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, /* * Set decryption key */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -455,7 +455,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, return 0; } -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* * Encrypt a block @@ -886,12 +886,12 @@ int mbedtls_aria_self_test(int verbose) /* test ECB decryption */ if (verbose) { mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) mbedtls_printf("skipped\n"); #endif } -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i); mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk); ARIA_SELF_TEST_ASSERT( diff --git a/library/camellia.c b/library/camellia.c index 634978294..122700be7 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -411,7 +411,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, /* * Camellia key schedule (decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits) @@ -457,7 +457,7 @@ exit: return ret; } -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* * Camellia-ECB block encryption/decryption @@ -902,7 +902,7 @@ int mbedtls_camellia_self_test(int verbose) (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); } -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (v == MBEDTLS_CAMELLIA_DECRYPT) { if (verbose != 0) { mbedtls_printf("skipped\n"); 
@@ -914,7 +914,7 @@ int mbedtls_camellia_self_test(int verbose) for (i = 0; i < CAMELLIA_TESTS_ECB; i++) { memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (v == MBEDTLS_CAMELLIA_DECRYPT) { mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); memcpy(src, camellia_test_ecb_cipher[u][i], 16); diff --git a/library/cipher.c b/library/cipher.c index 823987bf8..60c13a9f7 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -386,7 +386,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, ctx->key_bitlen = key_bitlen; ctx->operation = operation; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /* * For OFB, CFB and CTR mode always use the encryption key schedule */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 3bdfa951f..b44ca9c3b 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -238,7 +238,7 @@ static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -293,7 +293,7 @@ static const mbedtls_cipher_base_t aes_info = { NULL, #endif aes_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) aes_setkey_dec_wrap, #endif aes_ctx_alloc, @@ -603,7 +603,7 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif gcm_aes_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) gcm_aes_setkey_wrap, #endif gcm_ctx_alloc, @@ -676,7 +676,7 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif ccm_aes_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) ccm_aes_setkey_wrap, #endif ccm_ctx_alloc, 
@@ -795,7 +795,7 @@ static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -851,7 +851,7 @@ static const mbedtls_cipher_base_t camellia_info = { NULL, #endif camellia_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) camellia_setkey_dec_wrap, #endif camellia_ctx_alloc, @@ -1026,7 +1026,7 @@ static const mbedtls_cipher_base_t gcm_camellia_info = { NULL, #endif gcm_camellia_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) gcm_camellia_setkey_wrap, #endif gcm_ctx_alloc, @@ -1097,7 +1097,7 @@ static const mbedtls_cipher_base_t ccm_camellia_info = { NULL, #endif ccm_camellia_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) ccm_camellia_setkey_wrap, #endif ccm_ctx_alloc, @@ -1213,7 +1213,7 @@ static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1269,7 +1269,7 @@ static const mbedtls_cipher_base_t aria_info = { NULL, #endif aria_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) aria_setkey_dec_wrap, #endif aria_ctx_alloc, @@ -1444,7 +1444,7 @@ static const mbedtls_cipher_base_t gcm_aria_info = { NULL, #endif gcm_aria_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) gcm_aria_setkey_wrap, #endif gcm_ctx_alloc, 
@@ -1515,7 +1515,7 @@ static const mbedtls_cipher_base_t ccm_aria_info = { NULL, #endif ccm_aria_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) ccm_aria_setkey_wrap, #endif ccm_ctx_alloc, @@ -1625,7 +1625,7 @@ static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t } #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1643,7 +1643,7 @@ static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1661,7 +1661,7 @@ static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1740,7 +1740,7 @@ static const mbedtls_cipher_base_t des_info = { NULL, #endif des_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des_setkey_dec_wrap, #endif des_ctx_alloc, @@ -1793,7 +1793,7 @@ static const mbedtls_cipher_base_t des_ede_info = { NULL, #endif des3_set2key_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set2key_dec_wrap, #endif des3_ctx_alloc, @@ -1846,7 +1846,7 @@ static const mbedtls_cipher_base_t des_ede3_info = { NULL, #endif des3_set3key_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set3key_dec_wrap, #endif des3_ctx_alloc, 
@@ -1949,7 +1949,7 @@ static const mbedtls_cipher_base_t chacha20_base_info = { chacha20_stream_wrap, #endif chacha20_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) chacha20_setkey_wrap, #endif chacha20_ctx_alloc, @@ -2026,7 +2026,7 @@ static const mbedtls_cipher_base_t chachapoly_base_info = { NULL, #endif chachapoly_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) chachapoly_setkey_wrap, #endif chachapoly_ctx_alloc, @@ -2096,7 +2096,7 @@ static const mbedtls_cipher_base_t null_base_info = { null_crypt_stream, #endif null_setkey, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) null_setkey, #endif null_ctx_alloc, diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index 2cbc21671..bf1291da4 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -93,7 +93,7 @@ struct mbedtls_cipher_base_t { int (*setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** Set key for decryption purposes */ int (*setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 9dd38bc6e..0d4172bb1 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -57,10 +57,10 @@ int main(void) mbedtls_exit(0); } -#elif defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int main(void) { - mbedtls_printf("MBEDTLS_CIPHER_ENCRYPT_ONLY implicitly defined.\n"); + mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT implicitly defined.\n"); mbedtls_exit(0); } #else diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 2aa27d320..2ca3f7f20 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function 
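Review bot: The doc comment on `setkey_dec_func` in `struct mbedtls_cipher_base_t` (library/cipher_wrap.h) does not say that the slot disappears for every cipher, not only block ciphers, which the new macro name no longer makes obvious. The same guard drops the second setkey entry from `chacha20_base_info`, `chachapoly_base_info` and `null_base_info` in the cipher_wrap.c hunks above, so the positional initializers and this struct must always be edited together. I would extend the comment to `/** Set key for decryption purposes. Compiled out for all cipher types, stream and AEAD included, when MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is defined. */`. The struct definition continues outside the hunk.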
@@ -6,7 +6,7 @@ * master, enc and dec must be AES context objects. They don't need to * be initialized, and are left freed. */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int test_copy(const data_t *key, mbedtls_aes_context *master, mbedtls_aes_context *enc, @@ -88,7 +88,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aes_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { @@ -525,7 +525,7 @@ void aes_misc_params() } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aes_ecb_copy_context(data_t *key) { /* We test context copying multiple times, with different alignments diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index ab1ce00ec..f1748d114 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -86,7 +86,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *expected_output, int setkey_result) { diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 8454c5ffe..6930679f2 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -67,7 +67,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void camellia_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 11a723b27..99a662b83 100644 --- a/tests/suites/test_suite_cipher.aes.data 
+++ b/tests/suites/test_suite_cipher.aes.data 
@@ -1595,47 +1595,47 @@ depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0 AES-128-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0 AES-128-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0 AES-128-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0 AES-128-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0 AES-192-ECB Encrypt NIST KAT #1 
@@ -1687,51 +1687,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0 AES-192-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 AES-192-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 AES-192-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 AES-192-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0 AES-192-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0 AES-192-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0 AES-256-ECB Encrypt NIST KAT #1 
@@ -1783,51 +1783,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0 AES-256-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #5 
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 AES-256-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0 AES-256-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0 AES-256-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 AES-128-ECB crypt Encrypt NIST KAT #1 
@@ -1843,15 +1843,15 @@ depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0:0 AES-128-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Encrypt NIST KAT #1 
@@ -1871,19 +1871,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0:0 AES-192-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0 AES-192-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0:0 AES-256-ECB crypt Encrypt NIST KAT #1 
@@ -1903,19 +1903,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0:0 AES-256-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0:0 AES-256-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0 
AES-128-CBC crypt Encrypt NIST KAT #1 
@@ -2127,19 +2127,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 AES-128-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY 
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 AES-192-ECB crypt Encrypt NIST KAT #1 PSA 
@@ -2159,19 +2159,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 AES-192-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 AES-256-ECB crypt Encrypt NIST KAT #1 PSA 
@@ -2191,19 +2191,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 AES-256-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 From e367e47be00bc36e6e8122758fa2ffe2ac0d5f76 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 17:23:04 +0800 Subject: [PATCH 28/61] mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT With the introduction of negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable it through PSA. Signed-off-by: Yanray Wang --- include/mbedtls/config_adjust_legacy_crypto.h | 24 ------------------- include/mbedtls/mbedtls_config.h | 19 +++++++++++++++ 2 files changed, 19 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 677772126..495cd5ab3 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h 
@@ -34,30 +34,6 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H -/* - * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions. - * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is only enabled when those modes - * are not requested via the PSA API and are not enabled in the legacy API. - * - * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and - * insecure block cipher, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled when DES - * is not requested via the PSA API and is not enabled in the legacy API. - * - * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ - !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - !defined(PSA_WANT_ALG_CBC_PKCS7) && \ - !defined(PSA_WANT_KEY_TYPE_DES) && \ - !defined(MBEDTLS_CIPHER_MODE_CBC) && \ - !defined(MBEDTLS_CIPHER_MODE_XTS) && \ - !defined(MBEDTLS_DES_C) && \ - !defined(MBEDTLS_NIST_KW_C) -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 1 -#endif -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index af0761395..3caea9cc5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -2383,6 +2383,25 @@ */ #define MBEDTLS_BASE64_C +/** + * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + * + * Remove decryption operation for AES, ARIA and Camellia block cipher. + * + * \note This feature is incompatible with insecure block cipher, + * MBEDTLS_DES_C, and cipher modes which always require decryption + * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and + * MBEDTLS_NIST_KW_C. + * + * Module: library/aes.c + * library/aesce.c + * library/aesni.c + * library/aria.c + * library/camellia.c + * library/cipher.c + */ +//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + /** * \def MBEDTLS_BIGNUM_C * From b799eea123254ce205cd9f81be6039481e6a23ff Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 17:41:47 +0800 Subject: [PATCH 29/61] check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c580bf792..436ca0592 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -184,11 +184,12 @@ #endif #if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ - (!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \ (defined(MBEDTLS_CIPHER_MODE_CBC) || \ defined(MBEDTLS_CIPHER_MODE_XTS) || \ - defined(MBEDTLS_NIST_KW_C))) -#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined, but not all prerequisites" + defined(MBEDTLS_DES_C) || \ + defined(MBEDTLS_NIST_KW_C)) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC/MBEDTLS_CIPHER_MODE_XTS/MBEDTLS_DES_C/MBEDTLS_NIST_KW_C \ +cannot be defined simultaneously" #endif #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) From 66111393e4a8b8f4801c42e0e7c337df839ae913 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 18:54:54 +0800 Subject: [PATCH 30/61] all.sh: modify components to test BLOCK_CIPHER_NO_DECRYPT 
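Review bot: The new `\def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT` comment says the decryption operation is removed but does not name which entry points disappear, so a user cannot tell from the option text what stops linking. The all.sh components in this series assert the absence of `mbedtls_aes_setkey_dec`, `mbedtls_internal_aes_decrypt` and `mbedtls_camellia_setkey_dec`, so the comment could say so, for example `* Functions such as mbedtls_aes_setkey_dec() and mbedtls_internal_aes_decrypt() are not built when this option is enabled.` The block is also inserted between MBEDTLS_BASE64_C and MBEDTLS_BIGNUM_C, which appears to break the alphabetical order of the neighbouring options; placing it after the MBEDTLS_BIGNUM_C entry would keep the list sorted.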
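Review bot: The rewritten `#error` condition in check_config.h tests only the legacy macros, so a build that sets MBEDTLS_BLOCK_CIPHER_NO_DECRYPT together with MBEDTLS_PSA_CRYPTO_CONFIG and PSA_WANT_ALG_ECB_NO_PADDING is not rejected here. The block removed from config_adjust_legacy_crypto.h in the previous patch did look at PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES, and the armcc component in all.sh still unsets all four, which suggests they remain incompatible. Whether the CBC and DES requests are already caught through the legacy macros they enable is not visible in this hunk, but ECB has no legacy mode macro in the condition, so a second check on the PSA symbols would turn a silently decrypt-less PSA ECB configuration into a build error.

```c
/* … unchanged: legacy-macro check added by this hunk … */
#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \
    defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \
    (defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
    defined(PSA_WANT_ALG_CBC_NO_PADDING) || \
    defined(PSA_WANT_ALG_CBC_PKCS7) || \
    defined(PSA_WANT_KEY_TYPE_DES))
#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING/PSA_WANT_ALG_CBC_NO_PADDING/PSA_WANT_ALG_CBC_PKCS7/PSA_WANT_KEY_TYPE_DES \
cannot be defined simultaneously"
#endif
```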
Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 97 ++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 58 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2540b5e49..4daae6c41 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4488,25 +4488,19 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -component_test_cipher_encrypt_only_aesni () { - # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG +component_test_block_cipher_no_decrypt_aesni () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h - # test AESNI intrinsics scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" make clean - make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o 
@@ -4515,18 +4509,17 @@ component_test_cipher_encrypt_only_aesni () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" programs/test/selftest # test AESNI assembly scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" make clean - make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o 
@@ -4535,18 +4528,17 @@ component_test_cipher_encrypt_only_aesni () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" programs/test/selftest # test AES C implementation - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" scripts/config.py unset MBEDTLS_AESNI_C make clean - make CC=gcc CFLAGS="-Werror -Wall -Wextra \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc CFLAGS='-Werror -Wall -Wextra' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o 
@@ -4555,35 +4547,27 @@ component_test_cipher_encrypt_only_aesni () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" programs/test/selftest - - rm -f psa_cipher_encrypt_only.h } -component_test_cipher_encrypt_only_aesni_m32 () { - # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG +component_test_block_cipher_no_decrypt_aesni_m32 () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h - # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" make clean - make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' # Make sure we don't have mbedtls_xxx_setkey_dec in 
AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4592,19 +4576,18 @@ component_test_cipher_encrypt_only_aesni_m32 () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" programs/test/selftest # test AESNI intrinsics for i386 without VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" make clean - make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o 
@@ -4613,21 +4596,19 @@ component_test_cipher_encrypt_only_aesni_m32 () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" programs/test/selftest - - rm -f psa_cipher_encrypt_only.h } -support_test_cipher_encrypt_only_aesce_armcc () { +support_test_block_cipher_no_decrypt_aesce_armcc () { armc6_cc="$ARMC6_BIN_DIR/armclang" (check_tools "$armc6_cc" > /dev/null 2>&1) } -component_test_cipher_encrypt_only_aesce_armcc () { +component_test_block_cipher_no_decrypt_aesce_armcc () { scripts/config.py baremetal # armc[56] don't support SHA-512 intrinsics 
@@ -4642,23 +4623,25 @@ component_test_cipher_encrypt_only_aesce_armcc () { scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_HAVE_ASM - # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESCE" - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE" + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o 
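Review bot: The new `msg` line in this hunk reports "default config + BLOCK_CIPHER_NO_DECRYPT with AESCE", but the component starts from `scripts/config.py baremetal` (visible as context in the preceding hunk), and this hunk also sets MBEDTLS_PSA_CRYPTO_CONFIG and unsets four PSA_WANT_* symbols. A log line that names the wrong base configuration makes a CI failure harder to reproduce, so I would write `msg "build: baremetal + PSA_CRYPTO_CONFIG + BLOCK_CIPHER_NO_DECRYPT with AESCE"`. This is also the only component in the series that combines the option with MBEDTLS_PSA_CRYPTO_CONFIG, and it only builds and greps the objects (`armc6_build_test`), so a short comment stating that the PSA-config combination is build-tested only would help. The component body begins and ends outside this hunk.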
@@ -4666,8 +4649,6 @@ component_test_cipher_encrypt_only_aesce_armcc () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - - rm -f psa_cipher_encrypt_only.h } component_test_ctr_drbg_aes_256_sha_256 () { From eefd2695d2d4dce2b8a4f71ad811cc1e6c18e5df Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 19:09:01 +0800 Subject: [PATCH 31/61] test_suite_psa_crypto: add dependency for decrypt test cases If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we can't test decrypt for AES-ECB, so adding this dependency for some test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_psa_crypto.data | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7b1974865..5220b273e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2271,11 +2271,11 @@ depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"" PSA symmetric encrypt: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97" PSA symmetric encrypt: AES-ECB, 32 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1" PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good 
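Review bot: The two cases changed in this hunk are titled "PSA symmetric encrypt: AES-ECB" and call `cipher_alg_without_iv`, yet they now carry `!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT`, so the ECB encryption known-answer vectors are skipped in exactly the configuration where only encryption is supposed to work. If `cipher_alg_without_iv` also performs a decryption (its body is not visible here), the commit message or a comment next to the dependency should say so. If it does not, the dependency should be dropped from these two cases so the encrypt-only build keeps its ECB encrypt coverage.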
@@ -2427,11 +2427,11 @@ depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"" PSA symmetric decrypt: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f" PSA symmetric decrypt: AES-ECB, 32 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97" PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good 
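Review bot: The zero-length `cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES` case shown as context at the top of this hunk keeps `depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES` without `!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT`, while the 16- and 32-byte decrypt cases below it gain the new dependency. If decrypt setup itself fails when the decrypt key schedule is not built, the empty-input case will fail rather than be skipped in a NO_DECRYPT build; that behaviour is not visible from the test data alone. The same applies to the zero-length `cipher_decrypt_multipart` context case in the `@@ -2491,11 +2491,11 @@` hunk. Either add the dependency to those cases too, or add an explicit negative case that pins the error returned for an ECB decrypt request under MBEDTLS_BLOCK_CIPHER_NO_DECRYPT.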
@@ -2491,11 +2491,11 @@ depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, 32 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":32:32:0:"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS PSA symmetric decrypt multipart: AES-CBC-nopad, 16 bytes, good @@ -2551,7 +2551,7 @@ depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good 
@@ -2663,15 +2663,15 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS PSA symmetric decryption multipart: AES-ECB, 16+16 bytes -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS PSA symmetric decryption multipart: AES-ECB, 11+21 bytes -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS PSA symmetric decryption multipart: AES-ECB, 28+4 bytes -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes 
@@ -2735,7 +2735,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS PSA symmetric encrypt/decrypt multipart: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_verify_output_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16 PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 16 bytes, good From 6b190d4f276b6b28028789f4506962ea32a981f9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 13:44:14 +0800 Subject: [PATCH 32/61] psa_information.py: generate dep for AES/ARIA/CAMELLIA ECB test case Signed-off-by: Yanray Wang --- scripts/mbedtls_dev/psa_information.py | 34 +++++++++++++++++--------- tests/scripts/generate_psa_tests.py | 3 ++- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index a82df41df..3c51ee150 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -17,7 +17,8 @@ # limitations under the License. import re -from typing import Dict, FrozenSet, List, Optional +from collections import OrderedDict +from typing import FrozenSet, List, Optional from . import macro_collector 
@@ -97,22 +98,31 @@ def automatic_dependencies(*expressions: str) -> List[str]: return sorted(psa_want_symbol(name) for name in used) # Define set of regular expressions and dependencies to optionally append -# extra dependencies for test case. +# extra dependencies for test case based on key description. + +# Skip AES test cases which require 192- or 256-bit key +# if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)' -AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"] +AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH'] +# Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode +# if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled. +ECB_NO_PADDING_DEP_REGEX = r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING' +ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] -DEPENDENCY_FROM_KEY = { - AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP -}#type: Dict[str, List[str]] -def generate_key_dependencies(description: str) -> List[str]: - """Return additional dependencies based on pairs of REGEX and dependencies. +DEPENDENCY_FROM_DESCRIPTION = OrderedDict() +DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP +DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP +def generate_description_dependencies( + dep_list: List[str], + description: str + ) -> List[str]: + """Return additional dependencies based on test case description and REGEX. """ - deps = [] - for regex, dep in DEPENDENCY_FROM_KEY.items(): + for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items(): if re.search(regex, description): - deps += dep + dep_list += deps - return deps + return dep_list # A temporary hack: at the time of writing, not all dependency symbols # are implemented yet. Skip test cases for which the dependency symbols are diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index b6f83c111..04c36f7f9 100755 --- a/tests/scripts/generate_psa_tests.py 
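Review bot: `generate_description_dependencies` extends the caller's list in place, because `dep_list += deps` on a list mutates the object that was passed in and the function then returns that same object. The one call site visible in this patch reassigns the result, so nothing breaks there, but a caller that keeps its original list would see it change. Building a new list avoids the aliasing: `dep_list = dep_list + deps`. The comment above `ECB_NO_PADDING_DEP_REGEX` says the dependency is for cases that need ECB decryption, while the pattern `(AES|ARIA|CAMELLIA).*ECB_NO_PADDING` matches every ECB description; if that breadth is intended, the comment should say so.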
+++ b/tests/scripts/generate_psa_tests.py @@ -508,7 +508,8 @@ class StorageFormat: key.alg.string, key.alg2.string, ) dependencies = psa_information.finish_family_dependencies(dependencies, key.bits) - dependencies += psa_information.generate_key_dependencies(key.description) + dependencies = psa_information.generate_description_dependencies(dependencies, + key.description) dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC') tc.set_dependencies(dependencies) tc.set_function('key_storage_' + verb) From be0890856472517b58bd6a3ea6dbb2ef9fe9113b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 14:06:30 +0800 Subject: [PATCH 33/61] config.py: exclude MBEDTLS_BLOCK_CIPHER_NO_DECRYPT from full Signed-off-by: Yanray Wang --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index 17fbe653a..b1ace279b 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -191,6 +191,7 @@ EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with DES/CBC/XTS/NIST_KW 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options From f24bbd987a62ce445e48f3178f1ba27e9ce1df55 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 14:47:14 +0800 Subject: [PATCH 34/61] dh_client.c: modify prompt message Signed-off-by: Yanray Wang --- programs/pkey/dh_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 0d4172bb1..08eb549b3 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
@@ -60,7 +60,7 @@ int main(void) #elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int main(void) { - mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT implicitly defined.\n"); + mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n"); mbedtls_exit(0); } #else From de0e2599ad8a2ba5c8c4c64a5ef4b12de591347b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 15:44:27 +0800 Subject: [PATCH 35/61] cipher_wrap.c: remove unnecessary NO_DECRYPT guard for DES Signed-off-by: Yanray Wang --- library/cipher_wrap.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index b44ca9c3b..a21e37023 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -1625,7 +1625,6 @@ static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t } #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1633,7 +1632,6 @@ static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key); } -#endif static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1643,7 +1641,6 @@ static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1651,7 +1648,6 @@ static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key); } -#endif static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) 
@@ -1661,7 +1657,6 @@ static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1669,7 +1664,6 @@ static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key); } -#endif static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1740,9 +1734,7 @@ static const mbedtls_cipher_base_t des_info = { NULL, #endif des_setkey_enc_wrap, -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des_setkey_dec_wrap, -#endif des_ctx_alloc, des_ctx_free }; @@ -1793,9 +1785,7 @@ static const mbedtls_cipher_base_t des_ede_info = { NULL, #endif des3_set2key_enc_wrap, -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set2key_dec_wrap, -#endif des3_ctx_alloc, des3_ctx_free }; @@ -1846,9 +1836,7 @@ static const mbedtls_cipher_base_t des_ede3_info = { NULL, #endif des3_set3key_enc_wrap, -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set3key_dec_wrap, -#endif des3_ctx_alloc, des3_ctx_free }; From f1496400210f56944ab07b368f484009a28674ee Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 18:55:13 +0800 Subject: [PATCH 36/61] all.sh: add components to test BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 135 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4daae6c41..fe3332c9d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4488,7 +4488,7 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -component_test_block_cipher_no_decrypt_aesni () { +component_test_block_cipher_no_decrypt_aesni_legacy () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC @@ -4554,7 +4554,7 @@ component_test_block_cipher_no_decrypt_aesni () { programs/test/selftest } -component_test_block_cipher_no_decrypt_aesni_m32 () { +component_test_block_cipher_no_decrypt_aesni_use_psa () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 
@@ -4562,6 +4562,137 @@ component_test_block_cipher_no_decrypt_aesni_m32 () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + + # test AESNI intrinsics + scripts/config.py set MBEDTLS_AESNI_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" + make clean + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" + programs/test/selftest + + # test AESNI assembly + scripts/config.py set MBEDTLS_AESNI_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" + make clean + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg 
"test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" + programs/test/selftest + + # test AES C implementation + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" + scripts/config.py unset MBEDTLS_AESNI_C + make clean + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" + programs/test/selftest +} + +component_test_block_cipher_no_decrypt_aesni_m32_legacy () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + + # test AESNI intrinsics for i386 with VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py set MBEDTLS_PADLOCK_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt 
library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" + programs/test/selftest + + # test AESNI intrinsics for i386 without VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" + programs/test/selftest +} + +component_test_block_cipher_no_decrypt_aesni_m32_use_psa () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. 
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C From 956aa00202d95540733898db96e44bc0dfa38a73 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 19:15:16 +0800 Subject: [PATCH 37/61] check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 436ca0592..0abe8ae66 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -192,6 +192,16 @@ cannot be defined simultaneously" #endif +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + (defined(PSA_WANT_ALG_CBC_NO_PADDING) || \ + defined(PSA_WANT_ALG_CBC_PKCS7) || \ + defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ + defined(PSA_WANT_KEY_TYPE_DES)) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, MBEDTLS_PSA_CRYPTO_CONFIG and \ +PSA_WANT_ALG_CBC_NO_PADDING/PSA_WANT_ALG_CBC_PKCS7/PSA_WANT_ALG_ECB_NO_PADDING/PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif From 0d76b6ef761b4bf7bc2286d262d46f5aa8c5885f Mon Sep 17 00:00:00 2001 
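Review bot: The four `not grep … library/*.o` symbol checks are copied after every build in the components added by the `@@ -4562,6 +4562,137 @@` hunk (five times in this hunk alone), so a symbol added to one copy is easily missed in the others. These checks are what show that the decryption code is really absent from the built objects, so they are worth keeping in one place. A small helper called after each `make` would keep them identical across the AESNI intrinsics, AESNI assembly, plain C and i386 variants.

```shell
# Fail if any decryption entry point is still present in the built objects.
check_no_decrypt_symbols () {
    not grep mbedtls_aes_setkey_dec library/aes.o
    not grep mbedtls_aria_setkey_dec library/aria.o
    not grep mbedtls_camellia_setkey_dec library/camellia.o
    not grep mbedtls_internal_aes_decrypt library/aes.o
}

# … unchanged: config.py set/unset lines, msg, make clean …
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
check_no_decrypt_symbols
# … unchanged: make test, selftest, remaining build variants …
```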
From: Yanray Wang Date: Thu, 2 Nov 2023 11:54:39 +0800 Subject: [PATCH 38/61] Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang --- include/mbedtls/aes.h | 2 ++ library/aes.c | 7 ++++--- library/aesce.c | 9 ++++----- library/aesni.c | 19 +++++++++---------- library/cipher.c | 21 +++++++++++++++++---- library/psa_crypto.c | 1 + 6 files changed, 37 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c53f817c1..c43134d45 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -60,6 +60,8 @@ /* Error codes in range 0x0021-0x0025 */ /** Invalid input data. */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 +/** The requested feature is not available. */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 #ifdef __cplusplus extern "C" { diff --git a/library/aes.c b/library/aes.c index 940ea0296..29a193e70 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1061,15 +1061,16 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { return mbedtls_internal_aes_encrypt(ctx, input, output); } else { +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) return mbedtls_internal_aes_decrypt(ctx, input, output); - } #else - return mbedtls_internal_aes_encrypt(ctx, input, output); + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; #endif + } + return mbedtls_internal_aes_encrypt(ctx, input, output); #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } diff --git a/library/aesce.c b/library/aesce.c index 79c02e367..5883e6a83 100644 --- a/library/aesce.c +++ b/library/aesce.c 
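Review bot: The decrypt rejection in `library/aes.c` is added only in the software fallback at the end of `mbedtls_aes_crypt_ecb`, after the hardware dispatch that sits above this hunk and is not shown. This patch changes aesni.c and aesce.c, but its diffstat lists no PadLock file, while patch 36/61 adds an i386 component that sets `MBEDTLS_PADLOCK_C`; it is worth confirming that the PadLock path cannot run a decrypt request against what is presumably an encryption-only key schedule. Rejecting once at the top of the function would cover every backend: `if (mode == MBEDTLS_AES_DECRYPT) { return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; }` under `#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)`. The function body starts outside the hunk.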
@@ -244,16 +244,15 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { block = aesce_encrypt_block(block, keys, ctx->nr); } else { +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) block = aesce_decrypt_block(block, keys, ctx->nr); - } #else - (void) mode; - block = aesce_encrypt_block(block, keys, ctx->nr); -#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; +#endif + } vst1q_u8(&output[0], block); return 0; diff --git a/library/aesni.c b/library/aesni.c index 0c509acc0..6c917daec 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -93,7 +93,6 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { while (nr != 0) { state = _mm_aesenc_si128(state, *rk); @@ -102,23 +101,17 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, } state = _mm_aesenclast_si128(state, *rk); } else { +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) while (nr != 0) { state = _mm_aesdec_si128(state, *rk); ++rk; --nr; } state = _mm_aesdeclast_si128(state, *rk); - } #else - (void) mode; - while (nr != 0) { - - state = _mm_aesenc_si128(state, *rk); - ++rk; - --nr; + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; +#endif } - state = _mm_aesenclast_si128(state, *rk); -#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ memcpy(output, &state, 16); return 0; @@ -452,6 +445,12 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) { +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + } +#endif + asm ("movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 
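Review bot: `mbedtls_aesce_crypt_ecb` returns only 0 as far as this hunk shows, and can now return `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` before `output` is written; the same holds for both `mbedtls_aesni_crypt_ecb` variants changed in the aesni.c hunks below. The headers that document these return values are not in this patch's diffstat, so if their `\return` text still describes success only, it should gain a line such as `\return #MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE if decryption is requested while MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is defined.` A caller that ignores the result would otherwise go on to use an output block that was never filled. Both functions start outside their hunks.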
diff --git a/library/cipher.c b/library/cipher.c index 60c13a9f7..de55efa78 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -319,6 +319,17 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, if (ctx->cipher_info == NULL) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + /* CBC, XTS, KW and KWP mode always need decryption, return an error to + * indicate those modes are not available under + * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT. */ + if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || + MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || + MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || + MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) if (ctx->psa_enabled == 1) { @@ -402,12 +413,14 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key, ctx->key_bitlen); } +#else + if (operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT) { + return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, + ctx->key_bitlen); + } +#endif return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; -#else - return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, - ctx->key_bitlen); -#endif } int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1faf1dd6c..2ada2eb72 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
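Review bot: In the `#else` branch at the end of `mbedtls_cipher_setkey`, a `MBEDTLS_DECRYPT` request is given the encryption key schedule through `setkey_enc_func`, with no comment saying why that is safe. It is only correct for modes that use the block cipher in the forward direction, so it depends on the mode filter added in the first hunk; that filter lists CBC, XTS, KW and KWP but not ECB, so in this patch an ECB decrypt request still reaches `setkey_enc_func` (patch 41/61 later adds that check). A comment such as `/* Modes that reach this point only run the cipher forwards, so decryption uses the encryption key schedule. */` would tie the two pieces together. The function starts outside the hunk.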
@@ -157,6 +157,7 @@ psa_status_t mbedtls_to_psa_error(int ret) #if defined(MBEDTLS_AES_C) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: + case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_AES_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; From 53479573a053323f4217b58d8594e4e680d077e2 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 2 Nov 2023 13:41:11 +0800 Subject: [PATCH 39/61] ChangeLog: rewrite ChangeLog for block-cipher-no-decrypt Signed-off-by: Yanray Wang --- ChangeLog.d/add-block-cipher-no-decrypt.txt | 6 ++++++ ChangeLog.d/add-cipher-encrypt-only.txt | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/add-block-cipher-no-decrypt.txt delete mode 100644 ChangeLog.d/add-cipher-encrypt-only.txt diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt new file mode 100644 index 000000000..755eda35a --- /dev/null +++ b/ChangeLog.d/add-block-cipher-no-decrypt.txt @@ -0,0 +1,6 @@ +Features + * Add support to remove decryption operation for cipher type of AES, ARIA + and CAMELLIA. A new configuration option, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + can be used to enable this feature. + Note that this configuration option is incompatible with MBEDTLS_DES_C, + MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and MBEDTLS_NIST_KW_C. diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt deleted file mode 100644 index d56c08da3..000000000 --- a/ChangeLog.d/add-cipher-encrypt-only.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -Features - * Add support to remove xxx_setkey_dec and xxx_decrypt for cipher type of - AES, ARIA, CAMELLIA and DES. This is achieved by implicitly enabling - MBEDTLS_BLOCK_CIPHER_NO_DECRYPT when - - ECB and CBC cipher modes are not requested via the PSA API. - - ECB, CBC, XTS and KW are not enabled in the legacy API. - - DES is not requested in the PSA API and the legacy API. From bc29aefdea79712c94a13133a734955fbbfda192 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 6 Nov 2023 11:08:17 +0800 Subject: [PATCH 40/61] all.sh: test BLOCK_CIPHER_NO_DECRYPT in build_aes_variations Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fe3332c9d..d24ad9d10 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4011,6 +4011,7 @@ component_build_aes_variations() { # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. + MBEDTLS_ROOT_DIR="$PWD" msg "build: aes.o for all combinations of relevant config options" build_test_config_combos library/aes.o validate_aes_config_variations \ 
@@ -4018,6 +4019,24 @@ component_build_aes_variations() { "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" + + cd "$MBEDTLS_ROOT_DIR" + msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" + + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with CBC/XTS/DES/NIST_KW, + # manually set or unset those configurations to check + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. + + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + build_test_config_combos library/aes.o validate_aes_config_variations \ + "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ + "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } component_test_no_platform () { From 4995e0c31b70502119eda086f00878102efdffc8 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 7 Nov 2023 17:50:52 +0800 Subject: [PATCH 41/61] cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT - fix remaining dependency in test_suite_psa_crypto.data Signed-off-by: Yanray Wang --- library/cipher.c | 4 ++++ tests/suites/test_suite_psa_crypto.data | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index de55efa78..909324aae 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -329,6 +329,10 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } + if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) && + MBEDTLS_DECRYPT == operation) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5220b273e..76dc3a836 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2267,7 +2267,7 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT PSA symmetric encrypt: AES-ECB, 0 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"" PSA symmetric encrypt: AES-ECB, 16 bytes, good @@ -2411,7 +2411,7 @@ depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-ECB, input too short (15 bytes) -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) 
@@ -2423,7 +2423,7 @@ depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-ECB, 0 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"" PSA symmetric decrypt: AES-ECB, 16 bytes, good @@ -2487,7 +2487,7 @@ depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, 16 bytes, good 
@@ -2519,7 +2519,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, input too short (15 bytes) -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":0:0:0:"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt multipart: AES-CBC-nopad, input too short (5 bytes) From 004a60c08779170a081847ba29141a1b155a15e9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 19:05:29 +0800 Subject: [PATCH 42/61] aes.c: remove non-functional code Signed-off-by: Yanray Wang --- library/aes.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/aes.c b/library/aes.c index 29a193e70..fa73a6362 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1070,7 +1070,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; #endif } - return mbedtls_internal_aes_encrypt(ctx, input, output); #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } From d137da5a93bf3e6d68fd94910e3a00a440efd8af Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 19:12:23 +0800 Subject: [PATCH 43/61] check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 41 +++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 0abe8ae66..d76f4f717 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -183,23 +183,34 @@ #error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ - (defined(MBEDTLS_CIPHER_MODE_CBC) || \ - defined(MBEDTLS_CIPHER_MODE_XTS) || \ - defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_NIST_KW_C)) -#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC/MBEDTLS_CIPHER_MODE_XTS/MBEDTLS_DES_C/MBEDTLS_NIST_KW_C \ -cannot be defined simultaneously" +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously" +#endif +#if defined(PSA_WANT_ALG_CBC_PKCS7) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously" +#endif +#if defined(PSA_WANT_ALG_ECB_NO_PADDING) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously" +#endif +#if defined(PSA_WANT_KEY_TYPE_DES) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously" +#endif #endif -#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - (defined(PSA_WANT_ALG_CBC_NO_PADDING) || \ - defined(PSA_WANT_ALG_CBC_PKCS7) || \ - defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ - defined(PSA_WANT_KEY_TYPE_DES)) -#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, MBEDTLS_PSA_CRYPTO_CONFIG and \ -PSA_WANT_ALG_CBC_NO_PADDING/PSA_WANT_ALG_CBC_PKCS7/PSA_WANT_ALG_ECB_NO_PADDING/PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously" +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously" +#endif +#if defined(MBEDTLS_CIPHER_MODE_XTS) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously" +#endif +#if defined(MBEDTLS_DES_C) +#error 
"MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously" +#endif +#if defined(MBEDTLS_NIST_KW_C) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously" +#endif #endif #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) From f03b49122c75e5b10a3c99016f329899d68114c9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 11:23:17 +0800 Subject: [PATCH 44/61] aes.c: guard RSb and RTx properly If we enabled AES_DECRYPT_ALT and either AES_SETKEY_DEC_ALT or AES_USE_HARDWARE_ONLY, this means RSb and RTx are not needed. This commit extends how we guard RSb and RTx for the combinations of these configurations. Signed-off-by: Yanray Wang --- library/aes.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/aes.c b/library/aes.c index fa73a6362..9dc7b7d14 100644 --- a/library/aes.c +++ b/library/aes.c @@ -66,7 +66,12 @@ #include "mbedtls/platform.h" -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ +/* + * This is a convenience shorthand macro to check if we need reverse S-box and + * reverse tables. It's private and only defined in this file. + */ +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY))) && \ !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif @@ -447,7 +452,6 @@ MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) #if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) x = RSb[i]; -#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ @@ -458,7 +462,6 @@ MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ #endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ } } 
From 70743b02dfaa08fc034665058bc30374eaf3ce41 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 16:13:53 +0800 Subject: [PATCH 45/61] psa_information: compile a regex instead of using string directly Compiling a regex improves performance and avoids accidentally combining it with a string. This commit makes this change. Signed-off-by: Yanray Wang --- scripts/mbedtls_dev/psa_information.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index 3c51ee150..2287ae13e 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -102,11 +102,11 @@ def automatic_dependencies(*expressions: str) -> List[str]: # Skip AES test cases which require 192- or 256-bit key # if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined -AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)' +AES_128BIT_ONLY_DEP_REGEX = re.compile(r'AES\s(192|256)') AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH'] # Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode # if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled. -ECB_NO_PADDING_DEP_REGEX = r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING' +ECB_NO_PADDING_DEP_REGEX = re.compile(r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING') ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] DEPENDENCY_FROM_DESCRIPTION = OrderedDict() From 99385545773005551e424c973f0879e1453e20b5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 16:45:52 +0800 Subject: [PATCH 46/61] BLOCK_CIPHER_NO_DECRYPT: rephrase ChangeLog Signed-off-by: Yanray Wang --- ChangeLog.d/add-block-cipher-no-decrypt.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt index 755eda35a..d05bf86ba 100644 --- a/ChangeLog.d/add-block-cipher-no-decrypt.txt +++ b/ChangeLog.d/add-block-cipher-no-decrypt.txt 
@@ -1,6 +1,6 @@ Features - * Add support to remove decryption operation for cipher type of AES, ARIA - and CAMELLIA. A new configuration option, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - can be used to enable this feature. - Note that this configuration option is incompatible with MBEDTLS_DES_C, - MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and MBEDTLS_NIST_KW_C. + * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit + the decryption direction of block ciphers (AES, ARIA, Camellia). + This affects both the low-level modules and the high-level APIs + (the cipher and PSA interfaces). This option is incompatible with modes + that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES. From 49cd4b5f7d5f710412600526b0352a9b0d139bd4 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 11:58:37 +0800 Subject: [PATCH 47/61] all.sh: refine and simplify component for block_cipher_no_decrypt Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 307 +++++++++++++------------------------------ 1 file changed, 89 insertions(+), 218 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d24ad9d10..937a8ea86 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4507,6 +4507,93 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } +# helper for common_block_cipher_no_decrypt() which: +# - enable/disable the list of config options passed from -s/-u respectively. +# - build +# - test for tests_suite_xxx +# - selftest +# +# Usage: helper_block_cipher_no_decrypt_build_test +# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]] +# Options: -s set_opts the list of config options to enable +# -u unset_opts the list of config options to disable +# -c cflags the list of options passed to CFLAGS +# -l ldflags the list of options passed to LDFLAGS +helper_block_cipher_no_decrypt_build_test () { + while [ $# -gt 0 ]; do + case "$1" in + -s) + shift; local set_opts="$1";; + -u) + shift; local unset_opts="$1";; + -c) + shift; local cflags="$1";; + -l) + shift; local ldflags="$1";; + esac + shift + done + set_opts="${set_opts:-}" + unset_opts="${unset_opts:-}" + cflags="${cflags:-}" + ldflags="${ldflags:-}" + + for opt in $set_opts; do + echo "Enabling $opt" + scripts/config.py set $opt + done + for opt in $unset_opts; do + echo "Disabling $opt" + scripts/config.py unset $opt + done + + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" + make clean + make CC=gcc CFLAGS="$cflags" LDFLAGS="$ldflags" + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with 
$cflags${ldflags:+, $ldflags}" + programs/test/selftest +} + +# This is a common configuration function used in: +# - component_test_block_cipher_no_decrypt_aesni_legacy() +# - component_test_block_cipher_no_decrypt_aesni_use_psa() +# in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, +# AESNI assembly and AES C implementation on x86_64 and with AESNI intrinsics +# on x86. +common_block_cipher_no_decrypt () { + # test AESNI intrinsics + helper_block_cipher_no_decrypt_build_test \ + -s "MBEDTLS_AESNI_C" \ + -c "-Werror -Wall -Wextra -mpclmul -msse2 -maes" + + # test AESNI assembly + helper_block_cipher_no_decrypt_build_test \ + -s "MBEDTLS_AESNI_C" \ + -c "-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes" + + # test AES C implementation + helper_block_cipher_no_decrypt_build_test \ + -u "MBEDTLS_AESNI_C" \ + -c "-Werror -Wall -Wextra" + + # test AESNI intrinsics for i386 target + helper_block_cipher_no_decrypt_build_test \ + -s "MBEDTLS_AESNI_C" \ + -c "-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes" \ + -l "-m32" +} + component_test_block_cipher_no_decrypt_aesni_legacy () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
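Review bot: In `helper_block_cipher_no_decrypt_build_test` the four option variables become `local` only inside the `case` arm that receives them, so a call that omits a flag falls through to `set_opts="${set_opts:-}"` (and the three lines after it) and assigns a global instead. Declaring them before the loop, `local set_opts="" unset_opts="" cflags="" ldflags=""`, gives every call the same starting state and makes the four `${var:-}` lines unnecessary. The `case` also has no default arm, so a mistyped flag, or the trailing `[option [...]]` that the usage comment advertises, is dropped without any message; `*) echo "unknown option: $1"; return 1;;` would surface that.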
@@ -4515,62 +4602,7 @@ component_test_block_cipher_no_decrypt_aesni_legacy () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - # test AESNI intrinsics - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - programs/test/selftest - - # test AESNI assembly - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - programs/test/selftest - - # test AES C implementation - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - scripts/config.py unset MBEDTLS_AESNI_C - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not 
grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - programs/test/selftest + common_block_cipher_no_decrypt } component_test_block_cipher_no_decrypt_aesni_use_psa () { 
@@ -4589,168 +4621,7 @@ component_test_block_cipher_no_decrypt_aesni_use_psa () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - # test AESNI intrinsics - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - programs/test/selftest - - # test AESNI assembly - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - programs/test/selftest - - # test AES C implementation - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - scripts/config.py unset MBEDTLS_AESNI_C - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - # Make sure 
we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - programs/test/selftest -} - -component_test_block_cipher_no_decrypt_aesni_m32_legacy () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # test AESNI intrinsics for i386 with VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - programs/test/selftest - - # test AESNI intrinsics for i386 without VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 
without VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - programs/test/selftest -} - -component_test_block_cipher_no_decrypt_aesni_m32_use_psa () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. 
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - - # test AESNI intrinsics for i386 with VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - programs/test/selftest - - # test AESNI intrinsics for i386 without VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make test - - msg 
"selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - programs/test/selftest + common_block_cipher_no_decrypt } support_test_block_cipher_no_decrypt_aesce_armcc () { From 4cd1b1617d37fe66aef848996363648ef9ab7687 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 12:18:29 +0800 Subject: [PATCH 48/61] all.sh: check additional symbols in asece for block_cipher_no_decrypt check - mbedtls_aesce_inverse_key - aesce_decrypt_block Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 937a8ea86..ad443da77 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4670,6 +4670,9 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o + # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in aesce + not grep mbedtls_aesce_inverse_key library/aesce.o + not grep aesce_decrypt_block library/aesce.o } component_test_ctr_drbg_aes_256_sha_256 () { From 799bd84b0d50790a335d2ba9930687b3fb4f9df7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 12:21:35 +0800 Subject: [PATCH 49/61] all.sh: resue support_build_armcc for *_armcc test For time being, pre_check_tools check armcc and armclang together. Therefore, we can resue support_build_armcc even if the test only needs armclang. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ad443da77..5b649f6b3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
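Review bot: The two `_m32_` components deleted in this hunk built the i386 target twice, once with `MBEDTLS_PADLOCK_C` set and once with it unset, while the replacement i386 call in `common_block_cipher_no_decrypt` passes only `-s "MBEDTLS_AESNI_C"` and leaves PADLOCK at whatever the default config gives. If both variants are still meant to be covered, the helper already supports it: add a second i386 call with `-u "MBEDTLS_PADLOCK_C"`. If the reduction is intentional, a one-line comment in `common_block_cipher_no_decrypt` saying that PADLOCK is exercised only in its default state would keep the next reader from assuming otherwise. The surviving `component_test_block_cipher_no_decrypt_aesni_use_psa` starts outside this hunk.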
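Review bot: The added `not grep aesce_decrypt_block library/aesce.o` can only fail while that name is still present as a string in the object file, which for a file-local function depends on the compiler emitting a local symbol for it. `aesce_decrypt_block` carries no `mbedtls_` prefix, so it is presumably `static` (its definition is not shown on this page); if the compiler inlines it into its caller the name disappears and the check passes whether or not the decrypt code was compiled in. The `mbedtls_aesce_inverse_key` line does not have this weakness as long as that function is external. A comment such as `# aesce_decrypt_block is file-local: this check only holds while the compiler emits a symbol for it` would record the limitation; the component body starts outside this hunk.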
@@ -3891,8 +3891,7 @@ component_build_psa_accel_key_type_rsa_public_key() { support_build_tfm_armcc () { - armc6_cc="$ARMC6_BIN_DIR/armclang" - (check_tools "$armc6_cc" > /dev/null 2>&1) + support_build_armcc } component_build_tfm_armcc() { @@ -4026,7 +4025,6 @@ component_build_aes_variations() { # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with CBC/XTS/DES/NIST_KW, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS @@ -4625,8 +4623,7 @@ component_test_block_cipher_no_decrypt_aesni_use_psa () { } support_test_block_cipher_no_decrypt_aesce_armcc () { - armc6_cc="$ARMC6_BIN_DIR/armclang" - (check_tools "$armc6_cc" > /dev/null 2>&1) + support_build_armcc } component_test_block_cipher_no_decrypt_aesce_armcc () { From 111159b89c08b6f691b4fe33a2732f4bf84da9a9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 13:41:12 +0800 Subject: [PATCH 50/61] BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally Signed-off-by: Yanray Wang --- include/mbedtls/aes.h | 2 -- library/aes.c | 9 ++++----- library/aesce.c | 9 ++++----- library/aesni.c | 25 ++++++++++--------------- library/psa_crypto.c | 1 - 5 files changed, 18 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c43134d45..c53f817c1 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -60,8 +60,6 @@ /* Error codes in range 0x0021-0x0025 */ /** Invalid input data. */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 -/** The requested feature is not available. */ -#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 #ifdef __cplusplus extern "C" { diff --git a/library/aes.c b/library/aes.c index 9dc7b7d14..f91d2519f 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -1064,14 +1064,13 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) - if (mode == MBEDTLS_AES_ENCRYPT) { - return mbedtls_internal_aes_encrypt(ctx, input, output); - } else { #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { return mbedtls_internal_aes_decrypt(ctx, input, output); -#else - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + } else #endif + { + return mbedtls_internal_aes_encrypt(ctx, input, output); } #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } diff --git a/library/aesce.c b/library/aesce.c index 5883e6a83..9a82731f0 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -244,14 +244,13 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); - if (mode == MBEDTLS_AES_ENCRYPT) { - block = aesce_encrypt_block(block, keys, ctx->nr); - } else { #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { block = aesce_decrypt_block(block, keys, ctx->nr); -#else - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + } else #endif + { + block = aesce_encrypt_block(block, keys, ctx->nr); } vst1q_u8(&output[0], block); diff --git a/library/aesni.c b/library/aesni.c index 6c917daec..c68b081de 100644 --- a/library/aesni.c +++ b/library/aesni.c 
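Review bot: With `MBEDTLS_BLOCK_CIPHER_NO_DECRYPT` defined, the rewritten tail of `mbedtls_aes_crypt_ecb` no longer looks at `mode`, so a caller that passes `MBEDTLS_AES_DECRYPT` now gets the block encrypted and a success return where the removed lines returned `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE`. The `mbedtls_aesce_crypt_ecb` hunk that follows and both `mbedtls_aesni_crypt_ecb` hunks in aesni.c have the same shape. Whatever validates `mode` earlier in these functions lies outside the hunks, so it cannot be confirmed here that a decrypt request is rejected before this point. If the silent fallback is intended, state the contract where callers will read it, for example `/* With MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, mode is ignored and the block is always encrypted; callers must not request MBEDTLS_AES_DECRYPT. */` above the `#if`, and repeat it in the `mode` parameter documentation in aes.h.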
@@ -93,24 +93,25 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; - if (mode == MBEDTLS_AES_ENCRYPT) { - while (nr != 0) { - state = _mm_aesenc_si128(state, *rk); - ++rk; - --nr; - } - state = _mm_aesenclast_si128(state, *rk); - } else { #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { while (nr != 0) { state = _mm_aesdec_si128(state, *rk); ++rk; --nr; } state = _mm_aesdeclast_si128(state, *rk); + } else #else - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + (void) mode; #endif + { + while (nr != 0) { + state = _mm_aesenc_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesenclast_si128(state, *rk); } memcpy(output, &state, 16); @@ -445,12 +446,6 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) { -#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) - if (mode == MBEDTLS_AES_DECRYPT) { - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; - } -#endif - asm ("movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2ada2eb72..1faf1dd6c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -157,7 +157,6 @@ psa_status_t mbedtls_to_psa_error(int ret) #if defined(MBEDTLS_AES_C) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: - case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_AES_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; From cd25d2252655268326ebb78ccee61a846a3e57db Mon Sep 17 00:00:00 2001 
From: Yanray Wang Date: Fri, 10 Nov 2023 15:33:27 +0800 Subject: [PATCH 51/61] cipher.c: remove checks for CBC,XTS,KW,KWP in cipher_setkey We have checks for CBC, XTS and KW modes in check_config.h. This means we should never get a successful build with above three modes. Therefore, the checks in cipher_setkey is not necessary as other error will be emitted if asking for those modes in the cipher. Additionally, removing the checks can save extra code size. Signed-off-by: Yanray Wang --- library/cipher.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index 909324aae..33da58055 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -320,15 +320,6 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } #if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) - /* CBC, XTS, KW and KWP mode always need decryption, return an error to - * indicate those modes are not available under - * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT. */ - if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || - MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || - MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || - MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { - return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - } if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) && MBEDTLS_DECRYPT == operation) { return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; From 0287b9d26037a2bbaff63c5a4cc35ad99acb74d9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 18:21:21 +0800 Subject: [PATCH 52/61] padlock.c: guard mbedtls_padlock_xcryptcbc by CIPHER_MODE_CBC Signed-off-by: Yanray Wang --- library/padlock.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/padlock.c b/library/padlock.c index 563d40e7c..0ea412968 100644 --- a/library/padlock.c +++ b/library/padlock.c 
@@ -108,6 +108,7 @@ int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, return 0; } +#if defined(MBEDTLS_CIPHER_MODE_CBC) /* * PadLock AES-CBC buffer en(de)cryption */ @@ -161,6 +162,7 @@ int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, return 0; } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */ From 85b746571202fcc0da643bd709b7fdcf92ce7e04 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 16:48:36 +0800 Subject: [PATCH 53/61] all.sh: block_cipher_no_decrypt: fix various issues - improve test completeness - renaming - fix typo Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5b649f6b3..1c3c9e8cc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4555,6 +4555,8 @@ helper_block_cipher_no_decrypt_build_test () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o + # Make sure we don't have mbedtls_aesni_inverse_key in AESNI + not grep mbedtls_aesni_inverse_key library/aesni.o msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" make test @@ -4592,7 +4594,7 @@ common_block_cipher_no_decrypt () { -l "-m32" } -component_test_block_cipher_no_decrypt_aesni_legacy () { +component_test_block_cipher_no_decrypt_aesni () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC 
@@ -4667,7 +4669,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in aesce + # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE not grep mbedtls_aesce_inverse_key library/aesce.o not grep aesce_decrypt_block library/aesce.o } From b2d6e527587419e26dd23345aa93280811c40ecc Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 16:57:47 +0800 Subject: [PATCH 54/61] all.sh: block_cipher_no_decrypt: simplify code Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1c3c9e8cc..896a7d973 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4536,14 +4536,8 @@ helper_block_cipher_no_decrypt_build_test () { cflags="${cflags:-}" ldflags="${ldflags:-}" - for opt in $set_opts; do - echo "Enabling $opt" - scripts/config.py set $opt - done - for opt in $unset_opts; do - echo "Disabling $opt" - scripts/config.py unset $opt - done + [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts + [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" make clean From 07e663de5eac0536387b88c0d5f2406f76172a7e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 17:15:39 +0800 Subject: [PATCH 55/61] all.sh: block_cipher_no_decrypt: clean up cflags Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
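Review bot: In the all.sh hunk at -4536, replacing the per-option `config.py set` / `unset` loops with `set-all $set_opts` / `unset-all $unset_opts` changes how the arguments are interpreted. As far as I recall, config.py's `set-all` and `unset-all` take regular expressions matched anywhere in a symbol name and succeed even when nothing matches. A misspelt option would then be silently skipped, and a name that is a substring of another would flip both, whereas `set` reports an unknown symbol. If the shorter form is kept, a comment above these two lines should say so, for example `# set-all/unset-all take unanchored regexes: pass full symbol names only`. The enclosing helper starts and ends outside this hunk.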
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 896a7d973..ddd644b8f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4525,7 +4525,7 @@ helper_block_cipher_no_decrypt_build_test () { -u) shift; local unset_opts="$1";; -c) - shift; local cflags="$1";; + shift; local cflags="-Werror -Wall -Wextra $1";; -l) shift; local ldflags="$1";; esac @@ -4569,22 +4569,21 @@ common_block_cipher_no_decrypt () { # test AESNI intrinsics helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ - -c "-Werror -Wall -Wextra -mpclmul -msse2 -maes" + -c "-mpclmul -msse2 -maes" # test AESNI assembly helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ - -c "-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes" + -c "-mno-pclmul -mno-sse2 -mno-aes" # test AES C implementation helper_block_cipher_no_decrypt_build_test \ - -u "MBEDTLS_AESNI_C" \ - -c "-Werror -Wall -Wextra" + -u "MBEDTLS_AESNI_C" # test AESNI intrinsics for i386 target helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ - -c "-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes" \ + -c "-m32 -mpclmul -msse2 -maes" \ -l "-m32" } From 3ae1199788c29f56ce1dc48e44aae2c0e6a190e9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 17:32:09 +0800 Subject: [PATCH 56/61] all.sh: add config_block_cipher_no_decrypt to simplify code Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 52 ++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 31 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ddd644b8f..0f653fed1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
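Review bot: The "test AES C implementation" call in the hunk at -4569 loses `-Werror -Wall -Wextra` entirely. The warning flags are now prepended only inside the `-c)` branch (hunk at -4525), and that call no longer passes `-c`. The default `cflags="${cflags:-}"`, which sits outside both hunks, then leaves cflags empty, so the plain C build under BLOCK_CIPHER_NO_DECRYPT would no longer fail on unused-parameter or similar warnings. Keeping `-c)` as `shift; local cflags="$1";;` and putting the flags in the default, `cflags="-Werror -Wall -Wextra ${cflags:-}"`, covers every caller.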
@@ -4587,33 +4587,36 @@ common_block_cipher_no_decrypt () { -l "-m32" } -component_test_block_cipher_no_decrypt_aesni () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs +# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: +# usage: 0: no PSA crypto configuration +# 1: use PSA crypto configuration +config_block_cipher_no_decrypt () { + use_psa=$1 + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C + if [ "$use_psa" -eq 1 ]; then + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + fi +} + +component_test_block_cipher_no_decrypt_aesni () { + config_block_cipher_no_decrypt 0 common_block_cipher_no_decrypt } component_test_block_cipher_no_decrypt_aesni_use_psa () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. 
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - + config_block_cipher_no_decrypt 1 common_block_cipher_no_decrypt } @@ -4636,20 +4639,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_HAVE_ASM - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + config_block_cipher_no_decrypt 1 # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C From 19583e44ed9200b35443b2e48da69bca19abec27 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 17:39:32 +0800 Subject: [PATCH 57/61] psa_information: improve code readability Signed-off-by: Yanray Wang --- scripts/mbedtls_dev/psa_information.py | 4 ++-- tests/scripts/generate_psa_tests.py | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index 2287ae13e..ea8c12341 100644 
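Review bot: In the new config_block_cipher_no_decrypt (hunk at -4587), `use_psa=$1` assigns a global, so the value stays set for whatever runs later in the same shell. The neighbouring helper already uses `local` for its option variables. I would write `local use_psa="$1"`. I would also reword the header comment so it names the argument, e.g. `# usage: config_block_cipher_no_decrypt <0|1>  (1 = also apply the PSA crypto configuration)`, since the current "usage: 0: … 1: …" does not say what is being passed.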
--- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -112,12 +112,12 @@ ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] DEPENDENCY_FROM_DESCRIPTION = OrderedDict() DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP -def generate_description_dependencies( - dep_list: List[str], +def generate_deps_from_description( description: str ) -> List[str]: """Return additional dependencies based on test case description and REGEX. """ + dep_list = [] for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items(): if re.search(regex, description): dep_list += deps diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 04c36f7f9..a6683f51d 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -508,8 +508,7 @@ class StorageFormat: key.alg.string, key.alg2.string, ) dependencies = psa_information.finish_family_dependencies(dependencies, key.bits) - dependencies = psa_information.generate_description_dependencies(dependencies, - key.description) + dependencies += psa_information.generate_deps_from_description(key.description) dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC') tc.set_dependencies(dependencies) tc.set_function('key_storage_' + verb) From c43479103a3b8a8841000157944f0e090744d448 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Nov 2023 10:10:49 +0800 Subject: [PATCH 58/61] aesce: fix unused parameter Signed-off-by: Yanray Wang --- library/aesce.c | 2 ++ tests/scripts/all.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 9a82731f0..b78656397 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -248,6 +248,8 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, if (mode == MBEDTLS_AES_DECRYPT) { block = aesce_decrypt_block(block, keys, ctx->nr); } else +#else + (void) mode; #endif { block = aesce_encrypt_block(block, keys, ctx->nr); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0f653fed1..db5f29bf6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4644,7 +4644,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE" - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o From 70642ecb249d6c88bf7f16031b7a6acfb771528c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 11:10:53 +0800 Subject: [PATCH 59/61] all.sh: check_test_dependencies: add one more option - add !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT in whitelist Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bc4570f88..2f952345c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1044,7 +1044,10 @@ component_check_test_dependencies () { tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function | grep -Eo '!?MBEDTLS_[^: ]*' | grep -v MBEDTLS_PSA_ | - sort -u > $found + # By default, sort (v8.25) on ubuntu-16 and sort (v8.30) on ubuntu-20 + # sort text in different order. We use -d option to sort text in + # an order considering only blanks and alphanumeric characters. + sort -ud > $found # Expected ones with justification - keep in sorted order! rm -f $expected 
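Review bot: The added `#else (void) mode;` branch in mbedtls_aesce_crypt_ecb silences the unused-parameter warning but also hides a silent direction change. With the decrypt branch compiled out, a call with `mode == MBEDTLS_AES_DECRYPT` falls through to `aesce_encrypt_block` and, presumably, still returns success. The cipher layer rejects ECB decryption in cipher_setkey, but a direct caller of the low-level API gets no such check. Consider rejecting the request in the `#else` branch, e.g. `if (mode == MBEDTLS_AES_DECRYPT) { return MBEDTLS_ERR_AES_BAD_INPUT_DATA; }`. At a minimum, replace the bare cast with a comment stating that decrypt requests must be refused by the caller. The opening `#if` and the rest of the function are outside this hunk, so the exact guard condition is inferred.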
@@ -1056,6 +1059,8 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected + # No PSA equivalent - used to skip decryption tests in CBC/XTS/DES/NIST_KW + echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests From 42be1bab30b62fc9cc962049862d4e1d54e26930 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 14:28:47 +0800 Subject: [PATCH 60/61] block_cipher_no_decrypt: improve comment Signed-off-by: Yanray Wang --- scripts/config.py | 2 +- tests/scripts/all.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 0f5ad87f3..d5fb85e52 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -180,7 +180,7 @@ EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with DES/CBC/XTS/NIST_KW + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2f952345c..8ddbf4b40 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1059,7 +1059,7 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected - # No PSA equivalent - used to skip decryption tests in CBC/XTS/DES/NIST_KW + # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected @@ -4252,7 +4252,7 @@ component_build_aes_variations() { cd "$MBEDTLS_ROOT_DIR" msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with CBC/XTS/DES/NIST_KW, + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT From 18040ede3fc89b3e2b1f4f92ede4d5fe33c94b26 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 21:29:56 +0800 Subject: [PATCH 61/61] all.sh: export LC_COLLATE=C for sorting in ASCII order By default, 'sort' sorts characters with system default locale, which causes unexpected sorting order. To sort characters in ASCII from computer perspective, export LC_COLLATE=C to specify character collation for regular expressions and sorting with C locale. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8ddbf4b40..5c2f1fd79 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -163,6 +163,9 @@ pre_initialize_variables () { # basic-build-test.sh as well. RELEASE_SEED=1 + # Specify character collation for regular expressions and sorting with C locale + export LC_COLLATE=C + : ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} export MBEDTLS_TEST_OUTCOME_FILE @@ -1044,23 +1047,20 @@ component_check_test_dependencies () { tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function | grep -Eo '!?MBEDTLS_[^: ]*' | grep -v MBEDTLS_PSA_ | - # By default, sort (v8.25) on ubuntu-16 and sort (v8.30) on ubuntu-20 - # sort text in different order. We use -d option to sort text in - # an order considering only blanks and alphanumeric characters. - sort -ud > $found + sort -u > $found - # Expected ones with justification - keep in sorted order! + # Expected ones with justification - keep in sorted order by ASCII table! rm -f $expected # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected + # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES + echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # This is used by import_rsa_made_up() in test_suite_psa_crypto in order # to build a fake RSA key of the wanted size based on # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected - # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES - echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests
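Review bot: `export LC_COLLATE=C` in pre_initialize_variables (hunk at -163) does not pin the collation order when the caller's environment sets `LC_ALL`. `LC_ALL` takes precedence over every individual `LC_*` category, so on such a machine `sort -u > $found` in component_check_test_dependencies would still use the user's locale and the comparison with the hand-sorted `$expected` list could fail again. Unless all.sh already clears it elsewhere (not visible here), exporting `LC_ALL=C` instead, or running that one command as `LC_ALL=C sort -u > $found`, makes the ordering independent of the environment.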