aes: move the fake key operations to AES_SCA_COUNTERMEASURES define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 055107a..cb7d726 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -87,7 +87,9 @@
{
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
+#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
uint32_t frk[8]; /*!< Fake AES round keys. */
+#endif
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
uint32_t buf[44]; /*!< Unaligned data buffer */
#else /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
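Review bot: Now that `frk` exists only under `MBEDTLS_AES_SCA_COUNTERMEASURES`, every reference to `ctx->frk` needs the same guard, and the `@@ -1084` and `@@ -1364` hunks in library/aes.c show `aes_data_fake.rk_ptr = ctx->frk;` with no guard in their visible context. If those functions are not already compiled out when the option is off, the build breaks in that configuration, so it is worth confirming with a build that leaves the option undefined. The size of the context structure now also depends on this option, so the library and its callers must be built with the same configuration. I would state this on the field, e.g. `/*!< Fake AES round keys; present only with MBEDTLS_AES_SCA_COUNTERMEASURES. */`. The structure definition starts and ends outside this hunk.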
diff --git a/library/aes.c b/library/aes.c
index 03dabd8..e7a888f 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -675,6 +675,7 @@
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
+#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
static void mbedtls_generate_fake_key( unsigned int keybits, mbedtls_aes_context *ctx )
{
unsigned int qword;
@@ -684,6 +685,7 @@
ctx->frk[ qword - 1 ] = mbedtls_platform_random_uint32();
}
}
+#endif /* MBEDTLS_AES_SCA_COUNTERMEASURES */
/*
* AES key schedule (encryption)
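Review bot: Nothing visible in `mbedtls_generate_fake_key` bounds the index in `ctx->frk[ qword - 1 ]` against the eight-word `frk` array, and in the `@@ -869` hunk the helper is called with `keybits` before the line commented `/* Also checks keybits */`. The loop header lies between this hunk and the previous one and is not shown, so how `qword` is derived from `keybits` is an assumption. If it scales with `keybits`, an out-of-range value from a caller would write past `frk` before the key schedule rejects it. Either move the call after the `keybits` validation in both setkey paths, or make the helper self-defending with a check such as `if( qword > sizeof( ctx->frk ) / sizeof( ctx->frk[0] ) ) return;` ahead of the loop. A short comment on the helper stating the `keybits` range it accepts would also make the contract explicit.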
@@ -729,7 +731,9 @@
else
#endif
ctx->rk = RK = ctx->buf;
+#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
mbedtls_generate_fake_key( keybits, ctx );
+#endif
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@@ -869,7 +873,9 @@
else
#endif
ctx->rk = RK = ctx->buf;
+#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
mbedtls_generate_fake_key( keybits, ctx );
+#endif
/* Also checks keybits */
if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
@@ -1084,6 +1090,7 @@
aes_data_real.rk_ptr = ctx->rk;
aes_data_fake.rk_ptr = ctx->frk;
+
aes_data_table[0] = &aes_data_real;
aes_data_table[1] = &aes_data_fake;
@@ -1364,6 +1371,7 @@
aes_data_real.rk_ptr = ctx->rk;
aes_data_fake.rk_ptr = ctx->frk;
+
aes_data_table[0] = &aes_data_real;
aes_data_table[1] = &aes_data_fake;