mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 21:40:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9259 from tom-daubney-arm/remove_aes-like_alt_interface

Browse Source 
Remove AES-like alt interface
This commit is contained in:
Bence Szépkúti 2024-07-12 18:33:09 +00:00 committed by GitHub
commit f974bff38c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
24 changed files with 20 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
include/mbedtls/mbedtls_config.h
View File

@ -350,39 +350,7 @@
*/
//#define MBEDTLS_TIMING_ALT
/**
* \def MBEDTLS_AES_ALT
*
* MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternate core implementation of a symmetric crypto, an arithmetic or hash
* module (e.g. platform specific assembly optimized implementations). Keep
* in mind that the function prototypes should remain the same.
*
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
* Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
* provide the "struct mbedtls_aes_context" definition and omit the base
* function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
*
* Uncomment a macro to enable alternate implementation of the corresponding
* module.
*
* \warning MD5, DES and SHA-1 are considered weak and their
* use constitutes a security risk. If possible, we recommend
* avoiding dependencies on them, and considering stronger message
* digests and ciphers instead.
*
*/
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARIA_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_CCM_ALT
//#define MBEDTLS_CMAC_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_GCM_ALT
//#define MBEDTLS_NIST_KW_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
//#define MBEDTLS_SHA1_ALT

23
tests/include/alt-dummy/aes_alt.h
View File

@ -1,23 +0,0 @@
/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef AES_ALT_H
#define AES_ALT_H
typedef struct mbedtls_aes_context {
int dummy;
}
mbedtls_aes_context;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
typedef struct mbedtls_aes_xts_context {
int dummy;
} mbedtls_aes_xts_context;
#endif
#endif /* aes_alt.h */

16
tests/include/alt-dummy/aria_alt.h
View File

@ -1,16 +0,0 @@
/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef ARIA_ALT_H
#define ARIA_ALT_H
typedef struct mbedtls_aria_context {
int dummy;
}
mbedtls_aria_context;
#endif /* aria_alt.h */

16
tests/include/alt-dummy/camellia_alt.h
View File

@ -1,16 +0,0 @@
/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CAMELLIA_ALT_H
#define CAMELLIA_ALT_H
typedef struct mbedtls_camellia_context {
int dummy;
}
mbedtls_camellia_context;
#endif /* camellia_alt.h */

16
tests/include/alt-dummy/ccm_alt.h
View File

@ -1,16 +0,0 @@
/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CCM_ALT_H
#define CCM_ALT_H
typedef struct mbedtls_ccm_context {
int dummy;
}
mbedtls_ccm_context;
#endif /* ccm_alt.h */

22
tests/include/alt-dummy/des_alt.h
View File

@ -1,22 +0,0 @@
/* des_alt.h with dummy types for MBEDTLS_DES_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
*/
#ifndef DES_ALT_H
#define DES_ALT_H
typedef struct mbedtls_des_context {
int dummy;
}
mbedtls_des_context;
typedef struct mbedtls_des3_context {
int dummy;
}
mbedtls_des3_context;
#endif /* des_alt.h */

16
tests/include/alt-dummy/gcm_alt.h
View File

@ -1,16 +0,0 @@
/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef GCM_ALT_H
#define GCM_ALT_H
typedef struct mbedtls_gcm_context {
int dummy;
}
mbedtls_gcm_context;
#endif /* gcm_alt.h */

15
tests/include/alt-dummy/nist_kw_alt.h
View File

@ -1,15 +0,0 @@
/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef NIST_KW_ALT_H
#define NIST_KW_ALT_H
typedef struct {
int dummy;
} mbedtls_nist_kw_context;
#endif /* nist_kw_alt.h */

13
tests/include/test/psa_crypto_helpers.h
View File

@ -251,8 +251,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
* \param key_type Key type
* \param key_bits Key length in number of bits.
*/
#if defined(MBEDTLS_AES_ALT) || \
defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
#if defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
#define MBEDTLS_TEST_HAVE_ALT_AES 1
#else
@ -294,18 +293,18 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
* \param alg The AEAD algorithm.
* \param nonce_length The nonce length in number of bytes.
*/
#if defined(MBEDTLS_GCM_ALT) || \
defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
#define MBEDTLS_TEST_HAVE_ALT_GCM 1
#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
#define MBEDTLS_TEST_HAVE_ACCEL_GCM 1
#else
#define MBEDTLS_TEST_HAVE_ALT_GCM 0
#define MBEDTLS_TEST_HAVE_ACCEL_GCM 0
#endif
#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \
nonce_length) \
do \
{ \
if ((MBEDTLS_TEST_HAVE_ALT_GCM) && \
if ((MBEDTLS_TEST_HAVE_ACCEL_GCM) && \
(PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \
PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \
((nonce_length) != 12)) \

1
tests/suites/test_suite_ccm.data
View File

@ -36,7 +36,6 @@ CCM lengths #6 tag length not even
ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #7 AD too long (2^16 - 2^8)
depends_on:!MBEDTLS_CCM_ALT
ccm_lengths:5:10:65280:8:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #8 msg too long for this IV length (2^16, q = 2)

8
tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
View File

@ -53,10 +53,6 @@
extern "C" {
#endif
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation
//
/**
* \brief The AES context-type definition.
*/
@ -88,10 +84,6 @@ typedef struct mbedtls_aes_xts_context {
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#endif /* MBEDTLS_AES_ALT */
/**
* \brief This function initializes the specified AES context.
*

8
tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
View File

@ -42,10 +42,6 @@
extern "C" {
#endif
#if !defined(MBEDTLS_ARIA_ALT)
// Regular implementation
//
/**
* \brief The ARIA context-type definition.
*/
@ -56,10 +52,6 @@ typedef struct mbedtls_aria_context {
}
mbedtls_aria_context;
#else /* MBEDTLS_ARIA_ALT */
#include "aria_alt.h"
#endif /* MBEDTLS_ARIA_ALT */
/**
* \brief This function initializes the specified ARIA context.
*

8
tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
View File

@ -31,10 +31,6 @@
extern "C" {
#endif
#if !defined(MBEDTLS_CAMELLIA_ALT)
// Regular implementation
//
/**
* \brief CAMELLIA context structure
*/
@ -44,10 +40,6 @@ typedef struct mbedtls_camellia_context {
}
mbedtls_camellia_context;
#else /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
/**
* \brief Initialize a CAMELLIA context.
*

8
tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
View File

@ -58,10 +58,6 @@
extern "C" {
#endif
#if !defined(MBEDTLS_CCM_ALT)
// Regular implementation
//
/**
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
@ -94,10 +90,6 @@ typedef struct mbedtls_ccm_context {
}
mbedtls_ccm_context;
#else /* MBEDTLS_CCM_ALT */
#include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
/**
* \brief This function initializes the specified CCM context,
* to make references valid, and prepare the context

7
tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
View File

@ -34,10 +34,6 @@
extern "C" {
#endif
#if !defined(MBEDTLS_DES_ALT)
// Regular implementation
//
/**
* \brief DES context structure
*
@ -62,9 +58,6 @@ typedef struct mbedtls_des3_context {
}
mbedtls_des3_context;
#else /* MBEDTLS_DES_ALT */
#include "des_alt.h"
#endif /* MBEDTLS_DES_ALT */
/**
* \brief Initialize DES context

6
tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
View File

@ -44,8 +44,6 @@
extern "C" {
#endif
#if !defined(MBEDTLS_GCM_ALT)
#if defined(MBEDTLS_GCM_LARGE_TABLE)
#define MBEDTLS_GCM_HTABLE_SIZE 256
#else
@ -74,10 +72,6 @@ typedef struct mbedtls_gcm_context {
}
mbedtls_gcm_context;
#else /* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
/**
* \brief This function initializes the specified GCM context,
* to make references valid, and prepares the context

8
tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
View File

@ -37,10 +37,6 @@ typedef enum {
MBEDTLS_KW_MODE_KWP = 1
} mbedtls_nist_kw_mode_t;
#if !defined(MBEDTLS_NIST_KW_ALT)
// Regular implementation
//
/**
* \brief The key wrapping context-type definition. The key wrapping context is passed
* to the APIs called.
@ -52,10 +48,6 @@ typedef struct {
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */
#include "nist_kw_alt.h"
#endif /* MBEDTLS_NIST_KW_ALT */
/**
* \brief This function initializes the specified key wrapping context
* to make references valid and prepare the context

28
tf-psa-crypto/drivers/builtin/src/aes.c
View File

@ -50,8 +50,6 @@
#define MBEDTLS_AES_NEED_REVERSE_TABLES
#endif
#if !defined(MBEDTLS_AES_ALT)
#if defined(MBEDTLS_AES_ROM_TABLES)
/*
* Forward S-box
@ -1436,8 +1434,6 @@ exit:
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_AES_ALT */
#if defined(MBEDTLS_SELF_TEST)
/*
* AES test vectors from:
@ -1800,9 +1796,6 @@ int mbedtls_aes_self_test(int verbose)
mbedtls_aes_init(&ctx);
if (verbose != 0) {
#if defined(MBEDTLS_AES_ALT)
mbedtls_printf(" AES note: alternative implementation.\n");
#else /* MBEDTLS_AES_ALT */
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#if MBEDTLS_AESNI_HAVE_CODE == 1
mbedtls_printf(" AES note: AESNI code present (assembly implementation).\n");
@ -1825,7 +1818,6 @@ int mbedtls_aes_self_test(int verbose)
mbedtls_printf(" AES note: built-in implementation.\n");
#endif
}
#endif /* MBEDTLS_AES_ALT */
}
/*
@ -1868,8 +1860,9 @@ int mbedtls_aes_self_test(int verbose)
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
* there is an alternative underlying implementation i.e when
* MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT
* are defined.
*/
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
mbedtls_printf("skipped\n");
@ -1932,8 +1925,9 @@ int mbedtls_aes_self_test(int verbose)
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
* there is an alternative underlying implementation i.e when
* MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT
* are defined.
*/
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
mbedtls_printf("skipped\n");
@ -1999,8 +1993,9 @@ int mbedtls_aes_self_test(int verbose)
ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
* there is an alternative underlying implementation i.e when
* MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT
* are defined.
*/
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
mbedtls_printf("skipped\n");
@ -2063,8 +2058,9 @@ int mbedtls_aes_self_test(int verbose)
ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
* there is an alternative underlying implementation i.e when
* MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT
* are defined.
*/
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
mbedtls_printf("skipped\n");

3
tf-psa-crypto/drivers/builtin/src/aria.c
View File

@ -21,8 +21,6 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_ARIA_ALT)
#include "mbedtls/platform_util.h"
/*
@ -657,7 +655,6 @@ int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_ARIA_ALT */
#if defined(MBEDTLS_SELF_TEST)

3
tf-psa-crypto/drivers/builtin/src/camellia.c
View File

@ -22,8 +22,6 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_CAMELLIA_ALT)
static const unsigned char SIGMA_CHARS[6][8] =
{
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
@ -657,7 +655,6 @@ int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#endif /* !MBEDTLS_CAMELLIA_ALT */
#if defined(MBEDTLS_SELF_TEST)

4
tf-psa-crypto/drivers/builtin/src/ccm.c
View File

@ -38,9 +38,6 @@
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_CCM_ALT)
/*
* Initialize context
*/
@ -626,7 +623,6 @@ int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
iv, iv_len, add, add_len,
input, output, tag, tag_len);
}
#endif /* !MBEDTLS_CCM_ALT */
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_CCM_GCM_CAN_AES)
/*

4
tf-psa-crypto/drivers/builtin/src/des.c
View File

@ -23,8 +23,6 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_DES_ALT)
/*
* Expanded DES S-boxes
*/
@ -773,8 +771,6 @@ exit:
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* !MBEDTLS_DES_ALT */
#if defined(MBEDTLS_SELF_TEST)
/*
* DES and 3DES test vectors from:

20
tf-psa-crypto/drivers/builtin/src/gcm.c
View File

@ -39,8 +39,6 @@
#include "aesce.h"
#endif
#if !defined(MBEDTLS_GCM_ALT)
/* Used to select the acceleration mechanism */
#define MBEDTLS_GCM_ACC_SMALLTABLE 0
#define MBEDTLS_GCM_ACC_LARGETABLE 1
@ -780,8 +778,6 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
}
#endif /* !MBEDTLS_GCM_ALT */
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_CCM_GCM_CAN_AES)
/*
* AES-GCM test vectors from:
@ -1024,9 +1020,6 @@ int mbedtls_gcm_self_test(int verbose)
size_t olen;
if (verbose != 0) {
#if defined(MBEDTLS_GCM_ALT)
mbedtls_printf(" GCM note: alternative implementation.\n");
#else /* MBEDTLS_GCM_ALT */
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
mbedtls_printf(" GCM note: using AESNI.\n");
@ -1040,7 +1033,6 @@ int mbedtls_gcm_self_test(int verbose)
#endif
mbedtls_printf(" GCM note: built-in implementation.\n");
#endif /* MBEDTLS_GCM_ALT */
}
static const int loop_limit =
@ -1062,8 +1054,8 @@ int mbedtls_gcm_self_test(int verbose)
key_len);
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
* there is an alternative underlying implementation such as a
* PSA driver.
*/
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) {
mbedtls_printf("skipped\n");
@ -1080,14 +1072,6 @@ int mbedtls_gcm_self_test(int verbose)
add_len_test_data[i],
pt_test_data[pt_index_test_data[i]],
buf, 16, tag_buf);
#if defined(MBEDTLS_GCM_ALT)
/* Allow alternative implementations to only support 12-byte nonces. */
if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
iv_len_test_data[i] != 12) {
mbedtls_printf("skipped\n");
break;
}
#endif /* defined(MBEDTLS_GCM_ALT) */
if (ret != 0) {
goto exit;
}

4
tf-psa-crypto/drivers/builtin/src/nist_kw.c
View File

@ -30,8 +30,6 @@
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_NIST_KW_ALT)
#define KW_SEMIBLOCK_LENGTH 8
#define MIN_SEMIBLOCKS_COUNT 3
@ -449,8 +447,6 @@ cleanup:
return ret;
}
#endif /* !MBEDTLS_NIST_KW_ALT */
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/*