Drop support for VIA Padlock
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
parent
a0cfe01bb7
commit
62af02c063
@ -128,7 +128,7 @@ even a remote. The attacks can result in key recovery.
|
||||
|
||||
- Turn on hardware acceleration for AES. This is supported only on selected
|
||||
architectures and currently only available for AES. See configuration options
|
||||
`MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details.
|
||||
`MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details.
|
||||
- Add a secure alternative implementation (typically hardware acceleration) for
|
||||
the vulnerable cipher. See the [Alternative Implementations
|
||||
Guide](docs/architecture/alternative-implementations.md) for more information.
|
||||
|
@ -56,7 +56,6 @@
|
||||
*
|
||||
* Required by:
|
||||
* MBEDTLS_AESNI_C
|
||||
* MBEDTLS_PADLOCK_C
|
||||
*
|
||||
* Comment to disable the use of assembly code.
|
||||
*/
|
||||
|
@ -46,7 +46,7 @@ Generally, alternative implementations can define their context types to any C t
|
||||
|
||||
Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`.
|
||||
|
||||
* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
|
||||
* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
|
||||
* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`.
|
||||
* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`.
|
||||
* If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set.
|
||||
|
@ -35,7 +35,7 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* padlock.c and aesni.c rely on these values! */
|
||||
/* aesni.c rely on these values! */
|
||||
#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
|
||||
#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
|
||||
|
||||
@ -64,19 +64,15 @@ typedef struct mbedtls_aes_context {
|
||||
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
|
||||
size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
|
||||
round keys in the buffer. */
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
|
||||
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold
|
||||
10 round keys for 128-bit case. */
|
||||
#else
|
||||
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
|
||||
hold 32 extra Bytes, which can be used for
|
||||
one of the following purposes:
|
||||
<ul><li>Alignment if VIA padlock is
|
||||
used.</li>
|
||||
<li>Simplifying key expansion in the 256-bit
|
||||
case by generating an extra round key.
|
||||
</li></ul> */
|
||||
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */
|
||||
simplifying key expansion in the 256-bit
|
||||
case by generating an extra round key. */
|
||||
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
|
||||
}
|
||||
mbedtls_aes_context;
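Review bot: The rewritten `buf[68]` comment now lists only 256-bit key expansion as the use of the 32 spare bytes, but the alignment purpose has not disappeared with Padlock: aes.c in this same commit still defines `MAY_NEED_TO_ALIGN` for the AESNI intrinsics path, states that those round keys must be 16-byte aligned, and points `rk_offset` into this buffer. Suggest keeping both uses, e.g. `/*!< Unaligned data buffer. This buffer can hold 32 extra Bytes, which can be used for aligning the round keys for the AESNI intrinsics implementation, or for simplifying key expansion in the 256-bit case by generating an extra round key. */`. The new `/* aesni.c rely on these values! */` in the first hunk of this file also reads better as `/* aesni.c relies on these values! */`. The `mbedtls_aes_context` struct starts before this hunk.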
|
||||
|
||||
|
@ -40,12 +40,10 @@
|
||||
* library/aria.c
|
||||
* library/bn_mul.h
|
||||
* library/constant_time.c
|
||||
* library/padlock.h
|
||||
*
|
||||
* Required by:
|
||||
* MBEDTLS_AESCE_C
|
||||
* MBEDTLS_AESNI_C (on some platforms)
|
||||
* MBEDTLS_PADLOCK_C
|
||||
*
|
||||
* Comment to disable the use of assembly code.
|
||||
*/
|
||||
@ -3010,20 +3008,6 @@
|
||||
*/
|
||||
#define MBEDTLS_OID_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PADLOCK_C
|
||||
*
|
||||
* Enable VIA Padlock support on x86.
|
||||
*
|
||||
* Module: library/padlock.c
|
||||
* Caller: library/aes.c
|
||||
*
|
||||
* Requires: MBEDTLS_HAVE_ASM
|
||||
*
|
||||
* This modules adds support for the VIA PadLock on x86.
|
||||
*/
|
||||
#define MBEDTLS_PADLOCK_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PEM_PARSE_C
|
||||
*
|
||||
|
@ -53,7 +53,6 @@ set(src_crypto
|
||||
memory_buffer_alloc.c
|
||||
nist_kw.c
|
||||
oid.c
|
||||
padlock.c
|
||||
pem.c
|
||||
pk.c
|
||||
pk_ecc.c
|
||||
|
@ -145,7 +145,6 @@ OBJS_CRYPTO= \
|
||||
memory_buffer_alloc.o \
|
||||
nist_kw.o \
|
||||
oid.o \
|
||||
padlock.o \
|
||||
pem.o \
|
||||
pk.o \
|
||||
pk_ecc.o \
|
||||
|
@ -30,21 +30,6 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARCH_IS_X86)
|
||||
#if defined(MBEDTLS_PADLOCK_C)
|
||||
#if !defined(MBEDTLS_HAVE_ASM)
|
||||
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
|
||||
#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \
|
||||
"MBEDTLS_PADLOCK_C is set"
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C)
|
||||
#include "padlock.h"
|
||||
#endif
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
#include "aesni.h"
|
||||
#endif
|
||||
@ -67,10 +52,6 @@
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
static int aes_padlock_ace = -1;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_ROM_TABLES)
|
||||
/*
|
||||
* Forward S-box
|
||||
@ -527,8 +508,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
|
||||
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
|
||||
* i.e. an offset of 1 means 4 bytes and so on.
|
||||
*/
|
||||
#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \
|
||||
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
|
||||
#if (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
|
||||
#define MAY_NEED_TO_ALIGN
|
||||
#endif
|
||||
|
||||
@ -537,15 +517,6 @@ MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
|
||||
#if defined(MAY_NEED_TO_ALIGN)
|
||||
int align_16_bytes = 0;
|
||||
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (aes_padlock_ace == -1) {
|
||||
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
|
||||
}
|
||||
if (aes_padlock_ace) {
|
||||
align_16_bytes = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
|
||||
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
|
||||
align_16_bytes = 1;
|
||||
@ -1000,12 +971,13 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
|
||||
}
|
||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
|
||||
|
||||
/* VIA Padlock and our intrinsics-based implementation of AESNI require
|
||||
* the round keys to be aligned on a 16-byte boundary. We take care of this
|
||||
* before creating them, but the AES context may have moved (this can happen
|
||||
* if the library is called from a language with managed memory), and in later
|
||||
* calls it might have a different alignment with respect to 16-byte memory.
|
||||
* So we may need to realign.
|
||||
/*
|
||||
* Our intrinsics-based implementation of AESNI require the round keys to be
|
||||
* aligned on a 16-byte boundary. We take care of this before creating them,
|
||||
* but the AES context may have moved (this can happen if the library is
|
||||
* called from a language with managed memory), and in later calls it might
|
||||
* have a different alignment with respect to 16-byte memory. So we may need
|
||||
* to realign.
|
||||
*/
|
||||
MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
|
||||
{
|
||||
@ -1046,12 +1018,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (aes_padlock_ace > 0) {
|
||||
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
|
||||
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
|
||||
if (mode == MBEDTLS_AES_DECRYPT) {
|
||||
@ -1092,18 +1058,6 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
|
||||
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (aes_padlock_ace > 0) {
|
||||
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// If padlock data misaligned, we just fall back to
|
||||
// unaccelerated mode
|
||||
//
|
||||
}
|
||||
#endif
|
||||
|
||||
const unsigned char *ivp = iv;
|
||||
|
||||
if (mode == MBEDTLS_AES_DECRYPT) {
|
||||
@ -1860,11 +1814,6 @@ int mbedtls_aes_self_test(int verbose)
|
||||
mbedtls_printf(" AES note: using AESNI.\n");
|
||||
} else
|
||||
#endif
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
|
||||
mbedtls_printf(" AES note: using VIA Padlock.\n");
|
||||
} else
|
||||
#endif
|
||||
#if defined(MBEDTLS_AESCE_HAVE_CODE)
|
||||
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
|
||||
mbedtls_printf(" AES note: using AESCE.\n");
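Review bot: In the `mbedtls_aes_rk_offset` hunk, the inner guard `#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2` is now the same condition as the only one under which `MAY_NEED_TO_ALIGN` is defined a few lines earlier, so the nested `#if`/`#endif` can go and `align_16_bytes` can be set directly from `mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)`; leaving it suggests a second accelerated case that no longer exists. That function starts before its hunk and the rest of its body is outside it. The comment ahead of `aes_maybe_realign` also keeps the plural verb from the old two-subject sentence; it should read `* Our intrinsics-based implementation of AESNI requires the round keys to be`.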
|
||||
|
@ -1,157 +0,0 @@
|
||||
/*
|
||||
* VIA PadLock support functions
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
/*
|
||||
* This implementation is based on the VIA PadLock Programming Guide:
|
||||
*
|
||||
* http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
|
||||
* programming_guide.pdf
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C)
|
||||
|
||||
#include "padlock.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
|
||||
/*
|
||||
* PadLock detection routine
|
||||
*/
|
||||
int mbedtls_padlock_has_support(int feature)
|
||||
{
|
||||
static int flags = -1;
|
||||
int ebx = 0, edx = 0;
|
||||
|
||||
if (flags == -1) {
|
||||
asm ("movl %%ebx, %0 \n\t"
|
||||
"movl $0xC0000000, %%eax \n\t"
|
||||
"cpuid \n\t"
|
||||
"cmpl $0xC0000001, %%eax \n\t"
|
||||
"movl $0, %%edx \n\t"
|
||||
"jb 1f \n\t"
|
||||
"movl $0xC0000001, %%eax \n\t"
|
||||
"cpuid \n\t"
|
||||
"1: \n\t"
|
||||
"movl %%edx, %1 \n\t"
|
||||
"movl %2, %%ebx \n\t"
|
||||
: "=m" (ebx), "=m" (edx)
|
||||
: "m" (ebx)
|
||||
: "eax", "ecx", "edx");
|
||||
|
||||
flags = edx;
|
||||
}
|
||||
|
||||
return flags & feature;
|
||||
}
|
||||
|
||||
/*
|
||||
* PadLock AES-ECB block en(de)cryption
|
||||
*/
|
||||
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16])
|
||||
{
|
||||
int ebx = 0;
|
||||
uint32_t *rk;
|
||||
uint32_t *blk;
|
||||
uint32_t *ctrl;
|
||||
unsigned char buf[256];
|
||||
|
||||
rk = ctx->buf + ctx->rk_offset;
|
||||
|
||||
if (((long) rk & 15) != 0) {
|
||||
return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
|
||||
}
|
||||
|
||||
blk = MBEDTLS_PADLOCK_ALIGN16(buf);
|
||||
memcpy(blk, input, 16);
|
||||
|
||||
ctrl = blk + 4;
|
||||
*ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
|
||||
|
||||
asm ("pushfl \n\t"
|
||||
"popfl \n\t"
|
||||
"movl %%ebx, %0 \n\t"
|
||||
"movl $1, %%ecx \n\t"
|
||||
"movl %2, %%edx \n\t"
|
||||
"movl %3, %%ebx \n\t"
|
||||
"movl %4, %%esi \n\t"
|
||||
"movl %4, %%edi \n\t"
|
||||
".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
|
||||
"movl %1, %%ebx \n\t"
|
||||
: "=m" (ebx)
|
||||
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
|
||||
: "memory", "ecx", "edx", "esi", "edi");
|
||||
|
||||
memcpy(output, blk, 16);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/*
|
||||
* PadLock AES-CBC buffer en(de)cryption
|
||||
*/
|
||||
int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output)
|
||||
{
|
||||
int ebx = 0;
|
||||
size_t count;
|
||||
uint32_t *rk;
|
||||
uint32_t *iw;
|
||||
uint32_t *ctrl;
|
||||
unsigned char buf[256];
|
||||
|
||||
rk = ctx->buf + ctx->rk_offset;
|
||||
|
||||
if (((long) input & 15) != 0 ||
|
||||
((long) output & 15) != 0 ||
|
||||
((long) rk & 15) != 0) {
|
||||
return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
|
||||
}
|
||||
|
||||
iw = MBEDTLS_PADLOCK_ALIGN16(buf);
|
||||
memcpy(iw, iv, 16);
|
||||
|
||||
ctrl = iw + 4;
|
||||
*ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
|
||||
|
||||
count = (length + 15) >> 4;
|
||||
|
||||
asm ("pushfl \n\t"
|
||||
"popfl \n\t"
|
||||
"movl %%ebx, %0 \n\t"
|
||||
"movl %2, %%ecx \n\t"
|
||||
"movl %3, %%edx \n\t"
|
||||
"movl %4, %%ebx \n\t"
|
||||
"movl %5, %%esi \n\t"
|
||||
"movl %6, %%edi \n\t"
|
||||
"movl %7, %%eax \n\t"
|
||||
".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
|
||||
"movl %1, %%ebx \n\t"
|
||||
: "=m" (ebx)
|
||||
: "m" (ebx), "m" (count), "m" (ctrl),
|
||||
"m" (rk), "m" (input), "m" (output), "m" (iw)
|
||||
: "memory", "eax", "ecx", "edx", "esi", "edi");
|
||||
|
||||
memcpy(iv, iw, 16);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
|
||||
|
||||
#endif /* MBEDTLS_PADLOCK_C */
|
@ -1,111 +0,0 @@
|
||||
/**
|
||||
* \file padlock.h
|
||||
*
|
||||
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
|
||||
* processors
|
||||
*
|
||||
* \warning These functions are only for internal use by other library
|
||||
* functions; you must not call them directly.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PADLOCK_H
|
||||
#define MBEDTLS_PADLOCK_H
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#include "mbedtls/aes.h"
|
||||
|
||||
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(address_sanitizer)
|
||||
#define MBEDTLS_HAVE_ASAN
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* - `padlock` is implements with GNUC assembly for x86 target.
|
||||
* - Some versions of ASan result in errors about not enough registers.
|
||||
*/
|
||||
#if defined(MBEDTLS_PADLOCK_C) && \
|
||||
defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
|
||||
defined(MBEDTLS_HAVE_ASM) && \
|
||||
!defined(MBEDTLS_HAVE_ASAN)
|
||||
|
||||
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_PADLOCK_RNG 0x000C
|
||||
#define MBEDTLS_PADLOCK_ACE 0x00C0
|
||||
#define MBEDTLS_PADLOCK_PHE 0x0C00
|
||||
#define MBEDTLS_PADLOCK_PMM 0x3000
|
||||
|
||||
#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Internal PadLock detection routine
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param feature The feature to detect
|
||||
*
|
||||
* \return non-zero if CPU has support for the feature, 0 otherwise
|
||||
*/
|
||||
int mbedtls_padlock_has_support(int feature);
|
||||
|
||||
/**
|
||||
* \brief Internal PadLock AES-ECB block en(de)cryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
*
|
||||
* \return 0 if success, 1 if operation failed
|
||||
*/
|
||||
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16]);
|
||||
|
||||
/**
|
||||
* \brief Internal PadLock AES-CBC buffer en(de)cryption
|
||||
*
|
||||
* \note This function is only for internal use by other library
|
||||
* functions; you must not call it directly.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if success, 1 if operation failed
|
||||
*/
|
||||
int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_X86 */
|
||||
|
||||
#endif /* padlock.h */
|
@ -2540,9 +2540,8 @@ component_build_module_alt () {
|
||||
scripts/config.py full
|
||||
|
||||
# Disable options that are incompatible with some ALT implementations:
|
||||
# aesni.c and padlock.c reference mbedtls_aes_context fields directly.
|
||||
# aesni.c references mbedtls_aes_context fields directly.
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESCE_C
|
||||
# MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
@ -4253,9 +4252,6 @@ build_test_config_combos() {
|
||||
|
||||
validate_aes_config_variations() {
|
||||
if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
|
||||
if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then
|
||||
return 1
|
||||
fi
|
||||
if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
|
||||
("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
|
||||
return 1
|
||||
@ -4276,7 +4272,7 @@ component_build_aes_variations() {
|
||||
build_test_config_combos library/aes.o validate_aes_config_variations \
|
||||
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
|
||||
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
|
||||
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
||||
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
||||
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
|
||||
|
||||
cd "$MBEDTLS_ROOT_DIR"
|
||||
@ -4293,7 +4289,7 @@ component_build_aes_variations() {
|
||||
build_test_config_combos library/aes.o validate_aes_config_variations \
|
||||
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
|
||||
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
|
||||
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
||||
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
||||
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
|
||||
}
|
||||
|
||||
@ -4629,7 +4625,6 @@ component_test_aesni_m32 () { # ~ 60s
|
||||
|
||||
msg "build: default config with different AES implementations"
|
||||
scripts/config.py set MBEDTLS_AESNI_C
|
||||
scripts/config.py set MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
||||
scripts/config.py set MBEDTLS_HAVE_ASM
|
||||
|
||||
@ -4645,7 +4640,6 @@ component_test_aesni_m32 () { # ~ 60s
|
||||
grep -q mbedtls_aesni_has_support ./programs/test/selftest
|
||||
|
||||
scripts/config.py set MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
||||
msg "AES tests, test AESNI only"
|
||||
make clean
|
||||
@ -4666,7 +4660,6 @@ support_test_aesni_m32_clang() {
|
||||
component_test_aesni_m32_clang() {
|
||||
|
||||
scripts/config.py set MBEDTLS_AESNI_C
|
||||
scripts/config.py set MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
||||
scripts/config.py set MBEDTLS_HAVE_ASM
|
||||
|
||||
@ -4837,24 +4830,6 @@ component_build_sha_armce () {
|
||||
not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
|
||||
}
|
||||
|
||||
# For timebeing, no VIA Padlock platform available.
|
||||
component_build_aes_via_padlock () {
|
||||
|
||||
msg "AES:VIA PadLock, build with default configuration."
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py set MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
|
||||
grep -q mbedtls_padlock_has_support ./programs/test/selftest
|
||||
|
||||
}
|
||||
|
||||
support_build_aes_via_padlock_only () {
|
||||
( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
|
||||
[ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
|
||||
[ "`dpkg --print-foreign-architectures`" == "i386" ]
|
||||
}
|
||||
|
||||
support_build_aes_aesce_armcc () {
|
||||
support_build_armcc
|
||||
}
|
||||
@ -4862,7 +4837,6 @@ support_build_aes_aesce_armcc () {
|
||||
component_test_aes_only_128_bit_keys () {
|
||||
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
|
||||
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
|
||||
make CFLAGS='-O2 -Werror -Wall -Wextra'
|
||||
|
||||
@ -4874,7 +4848,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () {
|
||||
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
|
||||
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
scripts/config.py unset MBEDTLS_CTR_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
|
||||
make CC=clang CFLAGS='-Werror -Wall -Wextra'
|
||||
|
||||
@ -4885,7 +4858,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () {
|
||||
component_test_aes_only_128_bit_keys_have_builtins () {
|
||||
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
|
||||
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_AESCE_C
|
||||
|
||||
@ -4901,7 +4873,6 @@ component_test_aes_only_128_bit_keys_have_builtins () {
|
||||
component_test_gcm_largetable () {
|
||||
msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
|
||||
scripts/config.py set MBEDTLS_GCM_LARGE_TABLE
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_AESCE_C
|
||||
|
||||
@ -5299,7 +5270,6 @@ component_test_m32_no_asm () {
|
||||
msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_HAVE_ASM
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
|
||||
|
||||
@ -5380,7 +5350,6 @@ component_test_have_int32 () {
|
||||
msg "build: gcc, force 32-bit bignum limbs"
|
||||
scripts/config.py unset MBEDTLS_HAVE_ASM
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESCE_C
|
||||
make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
|
||||
|
||||
@ -5392,7 +5361,6 @@ component_test_have_int64 () {
|
||||
msg "build: gcc, force 64-bit bignum limbs"
|
||||
scripts/config.py unset MBEDTLS_HAVE_ASM
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESCE_C
|
||||
make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
|
||||
|
||||
@ -5404,7 +5372,6 @@ component_test_have_int32_cmake_new_bignum () {
|
||||
msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
|
||||
scripts/config.py unset MBEDTLS_HAVE_ASM
|
||||
scripts/config.py unset MBEDTLS_AESNI_C
|
||||
scripts/config.py unset MBEDTLS_PADLOCK_C
|
||||
scripts/config.py unset MBEDTLS_AESCE_C
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
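Review bot: In the `component_test_aesni_m32` hunk the message `msg "build: default config with different AES implementations"` now labels a build that enables only AESNI_C, because the `set MBEDTLS_PADLOCK_C` that made it a multi-implementation build is gone; rewording it to what is actually built, e.g. `msg "build: default config with AESNI and the software fallback"`, keeps the test log accurate. The second `scripts/config.py set MBEDTLS_AESNI_C` in the following hunk also looks like a repeat of the first one, unless a line between the two hunks (not visible here) unsets it. Both hunks lie inside `component_test_aesni_m32`, whose body starts and ends outside them.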
|
||||
|