Add config option for AES encryption only
-Add config option for AES encyption only to config.h. Feature is
disabled by default.
-Enable AES encrypt only feature in baremetal.h configuration
-Remove AES encypt only feature from full config
diff --git a/library/aes.c b/library/aes.c
index 2672cdf..733aef8 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -222,6 +222,7 @@
#undef FT
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
/*
* Reverse S-box
*/
@@ -260,6 +261,7 @@
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
};
+#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
/*
* Reverse tables
@@ -331,9 +333,11 @@
V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
#define V(a,b,c,d) 0x##a##b##c##d
static const uint32_t RT0[256] = { RT };
#undef V
+#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
#if !defined(MBEDTLS_AES_FEWER_TABLES)
@@ -675,6 +679,13 @@
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits )
{
+#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
+ (void) ctx;
+ (void) key;
+ (void) keybits;
+
+ return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+#else /* */
int i, j, ret;
mbedtls_aes_context cty;
uint32_t *RK;
@@ -737,6 +748,7 @@
mbedtls_aes_free( &cty );
return( ret );
+#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
}
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -937,7 +949,9 @@
/*
* AES-ECB block decryption
*/
+
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
+#if !defined(MBEDTLS_AES_ONLY_ENCRYPT)
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
@@ -991,6 +1005,7 @@
return( 0 );
}
+#endif /* !MBEDTLS_AES_ONLY_ENCRYPT */
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -998,7 +1013,13 @@
const unsigned char input[16],
unsigned char output[16] )
{
+#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
+ (void) ctx;
+ (void) input;
+ (void) output;
+#else /* MBEDTLS_AES_ONLY_ENCRYPT */
mbedtls_internal_aes_decrypt( ctx, input, output );
+#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -1015,6 +1036,7 @@
AES_VALIDATE_RET( output != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
+ (void) mode;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@@ -1032,11 +1054,15 @@
//
}
#endif
+#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
+ return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
+#else /* MBEDTLS_AES_ONLY_ENCRYPT */
if( mode == MBEDTLS_AES_ENCRYPT )
return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
else
return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
+#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
diff --git a/library/version_features.c b/library/version_features.c
index a708673..7a97d38 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -267,6 +267,9 @@
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
"MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH",
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+#if defined(MBEDTLS_AES_ONLY_ENCRYPT)
+ "MBEDTLS_AES_ONLY_ENCRYPT",
+#endif /* MBEDTLS_AES_ONLY_ENCRYPT */
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
"MBEDTLS_CAMELLIA_SMALL_MEMORY",
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */