[baremetal] Add AES configuration for 128 bit keys

configs/baremetal.h

@@ -39,6 +39,7 @@
 #define MBEDTLS_AES_C
 #define MBEDTLS_AES_ROM_TABLES
 #define MBEDTLS_AES_FEWER_TABLES
+#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 #define MBEDTLS_CCM_C
 
 /* Asymmetric crypto: Single-curve ECC only. */

include/mbedtls/aes.h

@@ -87,6 +87,9 @@ typedef struct mbedtls_aes_context
 {
     int nr;                     /*!< The number of rounds. */
     uint32_t *rk;               /*!< AES round keys. */
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
+    uint32_t buf[44];           /*!< Unaligned data buffer */
+#else /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
     uint32_t buf[68];           /*!< Unaligned data buffer. This buffer can
                                      hold 32 extra Bytes, which can be used for
                                      one of the following purposes:
@@ -95,6 +98,7 @@ typedef struct mbedtls_aes_context
                                      <li>Simplifying key expansion in the 256-bit
                                          case by generating an extra round key.
                                          </li></ul> */
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 }
 mbedtls_aes_context;
 

include/mbedtls/check_config.h

@@ -74,6 +74,10 @@
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#error "MBEDTLS_CTR_DRBG_C and MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is not defined"
+#endif
+
 #if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
 #error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif

include/mbedtls/config.h

@@ -596,6 +596,25 @@
  */
 //#define MBEDTLS_AES_FEWER_TABLES
 
+/**
+ * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ *
+ * Use only 128-bit keys in AES operations to save ROM.
+ *
+ * Uncommenting this macro removes support for AES operations that are using 192
+ * or 256-bit keys.
+ *
+ * Tradeoff: Uncommenting this macro reduces ROM footprint by ~240 bytes.
+ *
+ * If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ *
+ * Module:  library/aes.c
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ */
+//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+
 /**
  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
  *

library/aes.c

@@ -565,8 +565,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
     switch( keybits )
     {
         case 128: ctx->nr = 10; break;
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
         case 192: ctx->nr = 12; break;
         case 256: ctx->nr = 14; break;
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
         default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
     }
 
@@ -615,7 +617,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
                 RK[7]  = RK[3] ^ RK[6];
             }
             break;
-
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
         case 12:
 
             for( i = 0; i < 8; i++, RK += 6 )
@@ -659,6 +661,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
                 RK[15] = RK[7] ^ RK[14];
             }
             break;
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
     }
 
     return( 0 );
@@ -1825,6 +1828,14 @@ int mbedtls_aes_self_test( int verbose )
             mbedtls_printf( "  AES-ECB-%3d (%s): ", keybits,
                             ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+        if( keybits > 128 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+#endif
+
         mbedtls_platform_memset( buf, 0, 16 );
 
         if( mode == MBEDTLS_AES_DECRYPT )
@@ -1887,6 +1898,14 @@ int mbedtls_aes_self_test( int verbose )
             mbedtls_printf( "  AES-CBC-%3d (%s): ", keybits,
                             ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+        if( keybits > 128 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+#endif
+
         mbedtls_platform_memset( iv , 0, 16 );
         mbedtls_platform_memset( prv, 0, 16 );
         mbedtls_platform_memset( buf, 0, 16 );
@@ -1962,6 +1981,14 @@ int mbedtls_aes_self_test( int verbose )
             mbedtls_printf( "  AES-CFB128-%3d (%s): ", keybits,
                             ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+        if( keybits > 128 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+#endif
+
         memcpy( iv,  aes_test_cfb128_iv, 16 );
         memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
 
@@ -2025,6 +2052,13 @@ int mbedtls_aes_self_test( int verbose )
             mbedtls_printf( "  AES-OFB-%3d (%s): ", keybits,
                             ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+        if( keybits > 128 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+#endif
         memcpy( iv,  aes_test_ofb_iv, 16 );
         memcpy( key, aes_test_ofb_key[u], keybits / 8 );
 
@@ -2087,6 +2121,14 @@ int mbedtls_aes_self_test( int verbose )
             mbedtls_printf( "  AES-CTR-128 (%s): ",
                             ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+        if( keybits > 128 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+#endif
+
         memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
         memcpy( key, aes_test_ctr_key[u], 16 );
 

library/aesni.c

@@ -327,6 +327,7 @@ static void aesni_setkey_enc_128( unsigned char *rk,
 /*
  * Key expansion, 192-bit case
  */
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
 static void aesni_setkey_enc_192( unsigned char *rk,
                                   const unsigned char *key )
 {
@@ -380,10 +381,12 @@ static void aesni_setkey_enc_192( unsigned char *rk,
          : "r" (rk), "r" (key)
          : "memory", "cc", "0" );
 }
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 
 /*
  * Key expansion, 256-bit case
  */
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
 static void aesni_setkey_enc_256( unsigned char *rk,
                                   const unsigned char *key )
 {
@@ -446,6 +449,7 @@ static void aesni_setkey_enc_256( unsigned char *rk,
          : "r" (rk), "r" (key)
          : "memory", "cc", "0" );
 }
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 
 /*
  * Key expansion, wrapper
@@ -457,8 +461,10 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
     switch( bits )
     {
         case 128: aesni_setkey_enc_128( rk, key ); break;
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
         case 192: aesni_setkey_enc_192( rk, key ); break;
         case 256: aesni_setkey_enc_256( rk, key ); break;
+#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
         default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
     }
 

library/gcm.c

@@ -797,6 +797,14 @@ int mbedtls_gcm_self_test( int verbose )
                 mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
                                 key_len, i, "enc" );
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+            if( key_len > 128 )
+            {
+                mbedtls_printf( "skipped\n" );
+                continue;
+            }
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
             ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
                                       key_len );
             /*

library/version_features.c

@@ -264,6 +264,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_AES_FEWER_TABLES)
     "MBEDTLS_AES_FEWER_TABLES",
 #endif /* MBEDTLS_AES_FEWER_TABLES */
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+    "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH",
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
     "MBEDTLS_CAMELLIA_SMALL_MEMORY",
 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

programs/ssl/query_config.c

@@ -746,6 +746,14 @@ int query_config( const char *config )
     }
 #endif /* MBEDTLS_AES_FEWER_TABLES */
 
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+    if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
+        return( 0 );
+    }
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
     if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
     {

scripts/config.pl

@@ -51,6 +51,7 @@
 #   MBEDTLS_PKCS11_C
 #   MBEDTLS_NO_UDBL_DIVISION
 #   MBEDTLS_NO_64BIT_MULTIPLICATION
+#   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 #   and any symbol beginning _ALT
 #
 
@@ -126,6 +127,7 @@
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_USE_TINYCRYPT
+MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 _ALT\s*$
 );
 

tests/scripts/all.sh

@@ -1263,6 +1263,18 @@ component_test_aes_rom_tables () {
     make test
 }
 
+component_test_aes_only_128_bit_keys () {
+    msg "build: default config with AES_ONLY_128_BIT_KEY_LENGTH enabled"
+    scripts/config.pl set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+    scripts/config.pl set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+    scripts/config.pl unset MBEDTLS_PADLOCK_C
+
+    make CC=gcc CFLAGS='-Werror -O1'
+
+    msg "test: AES_ONLY_128_BIT_KEY_LENGTH"
+    make test
+}
+
 component_test_aes_fewer_tables_and_rom_tables () {
     msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
     scripts/config.pl set MBEDTLS_AES_FEWER_TABLES