Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT #8124
Conversation
Signed-off-by: Yanray Wang <[email protected]>
Variable RSb is only used for either computing reverse tables in aes_gen_tables or AES-decryption function. This commit provides more guards for when RSb is defined and used. Signed-off-by: Yanray Wang <[email protected]>
yanrayw
added
needs-work
needs-ci
yanrayw
force-pushed
the
support_cipher_encrypt_only
branch
from
4603fba to
ae2227a
Compare
yanrayw
changed the title
yanrayw
force-pushed
the
support_cipher_encrypt_only
branch
5 times, most recently
from
0ce21b4 to
c218de2
Compare
Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
Some cipher modes use cipher-encrypt to encrypt and decrypt. (E.g: ECB, CBC). This commit adds support to automatically enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't need cipher_decrypt. Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
This is a pre-step to remove *setkey_dec_func in cipher_wrap ctx when CIPHER_ENCRYPT_ONLY is enabled. Signed-off-by: Yanray Wang <[email protected]>
There is no need to set decrypt key under CIPHER_ENCRYPT_ONLY, so we can remove *setkey_dec_func from ctx to save extra code size. Signed-off-by: Yanray Wang <[email protected]>
dh_client requests AES-ECB to do decryption. So it needs to be removed under CIPHER_ENCRYPT_ONLY. Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
|
The recently added component |
- add !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT in whitelist Signed-off-by: Yanray Wang <[email protected]>
Signed-off-by: Yanray Wang <[email protected]>
yanrayw
force-pushed
the
support_cipher_encrypt_only
branch
from
0df5512 to
42be1ba
Compare
yanrayw
added
needs-review
tests/scripts/all.sh
Outdated
| # By default, sort (v8.25) on ubuntu-16 and sort (v8.30) on ubuntu-20 | ||
| # sort text in different order. We use -d option to sort text in | ||
| # an order considering only blanks and alphanumeric characters. | ||
| sort -ud > $found |
There was a problem hiding this comment.
sort -ud would consider FOO and !FOO the same and omit the one with later occurrence.
I'm not sure if it is major, since we are seemly to have very low possibility to have both FOO and !FOO dependencies in psa tests.
In fact, the different results are related to reference:
Collation order and (multi-byte) character type are influenced by your locale.
So, I would suggest to use sort -u | sort -d > $found or LC_ALL=C sort -u > $found.
Wdyt?
There was a problem hiding this comment.
Good point! I think I like LC_ALL_C sort -u better if it works, otherwise LC_ALL=C sort -u | sort -d.
There was a problem hiding this comment.
-d doesn't protect against locale differences. Please use LC_ALL=C sort … or add export LC_COLLATE=C to pre_initialize_variables. (Not LC_ALL=C because I think we should preserve at least LC_CTYPE.)
There was a problem hiding this comment.
To avoid similar sorting issues in our test components, I add export LC_COLLATE=C to pre_initialize_variables. Please take a look at the new changes.
By default, 'sort' sorts characters with system default locale, which causes unexpected sorting order. To sort characters in ASCII from computer perspective, export LC_COLLATE=C to specify character collation for regular expressions and sorting with C locale. Signed-off-by: Yanray Wang <[email protected]>
daverodgman
added
approved
Description
Fix #7368 fix #7369 fix #7370 fix #7367
Fix #8460
This PR adds a new configuration option
MBEDTLS_BLOCK_CIPHER_NO_DECRYPTto remove decryption operation for AES/ARIA/CAMELLIA in some cipher modes. This option is always incompatible withMBEDTLS_DES_C,BEDTLS_CIPHER_MODE_CBC,MBEDTLS_CIPHER_MODE_XTSandMBEDTLS_NIST_KW_C.PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")