eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #7851 from daverodgman/fix-unused-aes

Browse source 
Fix AES dependencies - build TF-M config cleanly
This commit is contained in:
Dave Rodgman 2023-07-03 16:49:00 +01:00 committed by GitHub
commit 9cf17dad9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 115 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog.d/fix-tfm-build.txt Normal file
View file

@ -0,0 +1,5 @@
Bugfix
* Fix compilation warnings in aes.c, which prevented the
example TF-M configuration in configs/ from building cleanly:
tfm_mbedcrypto_config_profile_medium.h with
crypto_config_profile_medium.h.

36
library/aes.c
View file

@ -55,6 +55,8 @@ static int aes_padlock_ace = -1;
/* /*
* Forward S-box * Forward S-box
*/ */
#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
!defined(MBEDTLS_AES_SETKEY_DEC_ALT)
static const unsigned char FSb[256] = static const unsigned char FSb[256] =
{ {
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
@ -90,6 +92,8 @@ static const unsigned char FSb[256] =
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
}; };
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
!defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
/* /*
* Forward tables * Forward tables
@ -161,6 +165,7 @@ static const unsigned char FSb[256] =
V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \ V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C) V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C)
#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
#define V(a, b, c, d) 0x##a##b##c##d #define V(a, b, c, d) 0x##a##b##c##d
static const uint32_t FT0[256] = { FT }; static const uint32_t FT0[256] = { FT };
#undef V #undef V
@ -181,8 +186,11 @@ static const uint32_t FT3[256] = { FT };
#endif /* !MBEDTLS_AES_FEWER_TABLES */ #endif /* !MBEDTLS_AES_FEWER_TABLES */
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */
#undef FT #undef FT
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
/* /*
* Reverse S-box * Reverse S-box
*/ */
@ -221,6 +229,7 @@ static const unsigned char RSb[256] =
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
}; };
#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */
/* /*
* Reverse tables * Reverse tables
@ -292,6 +301,8 @@ static const unsigned char RSb[256] =
V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \
V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0)
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
#define V(a, b, c, d) 0x##a##b##c##d #define V(a, b, c, d) 0x##a##b##c##d
static const uint32_t RT0[256] = { RT }; static const uint32_t RT0[256] = { RT };
#undef V #undef V
@ -310,10 +321,13 @@ static const uint32_t RT2[256] = { RT };
static const uint32_t RT3[256] = { RT }; static const uint32_t RT3[256] = { RT };
#undef V #undef V
#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
#endif /* !MBEDTLS_AES_FEWER_TABLES */ #endif /* !MBEDTLS_AES_FEWER_TABLES */
#undef RT #undef RT
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
/* /*
* Round constants * Round constants
*/ */
@ -323,31 +337,44 @@ static const uint32_t RCON[10] =
0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x00000010, 0x00000020, 0x00000040, 0x00000080,
0x0000001B, 0x00000036 0x0000001B, 0x00000036
}; };
#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
#else /* MBEDTLS_AES_ROM_TABLES */ #else /* MBEDTLS_AES_ROM_TABLES */
/* /*
* Forward S-box & tables * Forward S-box & tables
*/ */
#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
!defined(MBEDTLS_AES_SETKEY_DEC_ALT)
static unsigned char FSb[256]; static unsigned char FSb[256];
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
!defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
static uint32_t FT0[256]; static uint32_t FT0[256];
#if !defined(MBEDTLS_AES_FEWER_TABLES) #if !defined(MBEDTLS_AES_FEWER_TABLES)
static uint32_t FT1[256]; static uint32_t FT1[256];
static uint32_t FT2[256]; static uint32_t FT2[256];
static uint32_t FT3[256]; static uint32_t FT3[256];
#endif /* !MBEDTLS_AES_FEWER_TABLES */ #endif /* !MBEDTLS_AES_FEWER_TABLES */
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
/* /*
* Reverse S-box & tables * Reverse S-box & tables
*/ */
#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT))
static unsigned char RSb[256]; static unsigned char RSb[256];
#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
static uint32_t RT0[256]; static uint32_t RT0[256];
#if !defined(MBEDTLS_AES_FEWER_TABLES) #if !defined(MBEDTLS_AES_FEWER_TABLES)
static uint32_t RT1[256]; static uint32_t RT1[256];
static uint32_t RT2[256]; static uint32_t RT2[256];
static uint32_t RT3[256]; static uint32_t RT3[256];
#endif /* !MBEDTLS_AES_FEWER_TABLES */ #endif /* !MBEDTLS_AES_FEWER_TABLES */
#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
/* /*
* Round constants * Round constants
*/ */
@ -425,6 +452,7 @@ static void aes_gen_tables(void)
x = RSb[i]; x = RSb[i];
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ RT0[i] = ((uint32_t) MUL(0x0E, x)) ^
((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x09, x) << 8) ^
((uint32_t) MUL(0x0D, x) << 16) ^ ((uint32_t) MUL(0x0D, x) << 16) ^
@ -435,9 +463,12 @@ static void aes_gen_tables(void)
RT2[i] = ROTL8(RT1[i]); RT2[i] = ROTL8(RT1[i]);
RT3[i] = ROTL8(RT2[i]); RT3[i] = ROTL8(RT2[i]);
#endif /* !MBEDTLS_AES_FEWER_TABLES */ #endif /* !MBEDTLS_AES_FEWER_TABLES */
#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
} }
} }
#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
#undef ROTL8 #undef ROTL8
#endif /* MBEDTLS_AES_ROM_TABLES */ #endif /* MBEDTLS_AES_ROM_TABLES */
@ -514,6 +545,9 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2) (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#define MAY_NEED_TO_ALIGN #define MAY_NEED_TO_ALIGN
#endif #endif
#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
!defined(MBEDTLS_AES_SETKEY_ENC_ALT)
static unsigned mbedtls_aes_rk_offset(uint32_t *buf) static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
{ {
#if defined(MAY_NEED_TO_ALIGN) #if defined(MAY_NEED_TO_ALIGN)
@ -550,6 +584,8 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
return 0; return 0;
} }
#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
!defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
/* /*
* AES key schedule (encryption) * AES key schedule (encryption)

4
library/x509.c
View file

@ -134,6 +134,8 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
/* /*
* Convert md type to string * Convert md type to string
*/ */
#if !defined(MBEDTLS_X509_REMOVE_INFO) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
{ {
switch (md_alg) { switch (md_alg) {
@ -172,6 +174,8 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
} }
} }
#endif /* !defined(MBEDTLS_X509_REMOVE_INFO) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
/* /*
* HashAlgorithm ::= AlgorithmIdentifier * HashAlgorithm ::= AlgorithmIdentifier

70
tests/scripts/all.sh
View file

@ -3337,6 +3337,76 @@ component_build_psa_accel_key_type_rsa_public_key() {
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
} }
support_build_tfm_armcc () {
armc6_cc="$ARMC6_BIN_DIR/armclang"
(check_tools "$armc6_cc" > /dev/null 2>&1)
}
component_build_tfm_armcc() {
# test the TF-M configuration can build cleanly with various warning flags enabled
cp configs/tfm_mbedcrypto_config_profile_medium.h include/mbedtls/mbedtls_config.h
cp configs/crypto_config_profile_medium.h include/psa/crypto_config.h
msg "build: TF-M config, armclang armv7-m thumb2"
make clean
armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
}
component_build_tfm() {
# test the TF-M configuration can build cleanly with various warning flags enabled
cp configs/tfm_mbedcrypto_config_profile_medium.h include/mbedtls/mbedtls_config.h
cp configs/crypto_config_profile_medium.h include/psa/crypto_config.h
msg "build: TF-M config, clang, armv7-m thumb2"
make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
msg "build: TF-M config, gcc native build"
make clean
make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op"
}
component_build_aes_variations() { # ~45s
# aes.o has many #if defined(...) guards that intersect in complex ways.
# Test that all the combinations build cleanly. The most common issue is
# unused variables/functions, so ensure -Wunused is set.
msg "build: aes.o for all combinations of relevant config options"
for a in set unset; do
for b in set unset; do
for c in set unset; do
for d in set unset; do
for e in set unset; do
for f in set unset; do
for g in set unset; do
echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
echo ./scripts/config.py $g MBEDTLS_PADLOCK_C
./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
./scripts/config.py $g MBEDTLS_PADLOCK_C
rm -f library/aes.o
make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
done
done
done
done
done
done
done
}
component_test_no_platform () { component_test_no_platform () {
# Full configuration build, without platform support, file IO and net sockets. # Full configuration build, without platform support, file IO and net sockets.
# This should catch missing mbedtls_printf definitions, and by disabling file # This should catch missing mbedtls_printf definitions, and by disabling file