Swap out CRC calculation in AES in favour of a simple hash
XOR the key bytes upon setting and re-check hash during each use.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 5fb020f..b410b5a 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -91,7 +91,7 @@
uint32_t frk[8]; /*!< Fake AES round keys. */
#endif
#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY)
- uint16_t crc; /*!< CRC-16 of the set key */
+ uint32_t hash; /*!< hash of the set key */
#endif
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
uint32_t buf[44]; /*!< Unaligned data buffer */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 974bf7b..7239557 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -986,10 +986,6 @@
#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) && ( !defined(MBEDTLS_CRC_C) )
-#error "MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY defined, but not MBEDTLS_CRC_C"
-#endif
-
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index db38e81..c4d98e4 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2742,12 +2742,11 @@
/**
* \def MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY
*
- * Enable validation of AES keys by checking their CRC
+ * Enable validation of AES keys by checking their hash
* during every encryption/decryption.
*
* Module: library/aes.c
*
- * Requires: MBEDTLS_CRC_C
*/
//#define MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY