diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 5153e19dd..bda768cfb 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -33,27 +33,6 @@ #include #include "mbedtls/platform_util.h" -/* Support for GCM either through Mbed TLS SW implementation or PSA */ -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) -#define MBEDTLS_CIPHER_HAVE_GCM -#endif -/* Support for CCM either through Mbed TLS SW implementation or PSA */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) -#define MBEDTLS_CIPHER_HAVE_CCM -#endif -/* Support for CHACHAPOLY either through Mbed TLS SW implementation or PSA */ -#if defined(MBEDTLS_CHACHAPOLY_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) -#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY -#endif - -#if defined(MBEDTLS_CIPHER_HAVE_GCM) || defined(MBEDTLS_CIPHER_HAVE_CCM) || \ - defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) -#define MBEDTLS_CIPHER_MODE_AEAD -#endif - #if defined(MBEDTLS_CIPHER_MODE_CBC) #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif @@ -1097,7 +1076,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen); -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) /** * \brief The authenticated encryption (AEAD/NIST_KW) function. * @@ -1204,7 +1183,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len); -#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } #endif diff --git a/library/cipher.c b/library/cipher.c index 9f9f1075c..f17f3e0e1 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1390,7 +1390,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, return 0; } -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). @@ -1569,9 +1569,9 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ @@ -1607,7 +1607,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) /* AEAD case: check length before passing on to shared function */ if (output_len < ilen + tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1620,7 +1620,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, return ret; #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ } /* @@ -1658,7 +1658,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) /* AEAD case: check length before passing on to shared function */ if (ilen < tag_len || output_len < ilen - tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1669,8 +1669,8 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, input + ilen - tag_len, tag_len); #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ } -#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD || MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_CIPHER_C */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5a789ced9..63b725fb7 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -80,8 +80,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_CAMELLIA_C) MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA, #endif -#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES) MBEDTLS_CIPHER_BASE_INDEX_CCM_AES, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -105,8 +104,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_DES_C) MBEDTLS_CIPHER_BASE_INDEX_DES, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES) MBEDTLS_CIPHER_BASE_INDEX_GCM_AES, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) @@ -580,8 +578,7 @@ static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, } #endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) static const mbedtls_cipher_base_t gcm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -615,10 +612,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif /* MBEDTLS_GCM_C */ }; -#endif /* MBEDTLS_GCM_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_GCM) */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) static const mbedtls_cipher_info_t aes_128_gcm_info = { "AES-128-GCM", 16, @@ -653,7 +649,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; #endif -#endif /* MBEDTLS_GCM_C || PSA_WANT_ALG_GCM */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CCM_C) static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, @@ -664,8 +660,7 @@ static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, } #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) static const mbedtls_cipher_base_t ccm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -699,10 +694,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif }; -#endif /* MBEDTLS_CCM_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_CCM) */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) static const mbedtls_cipher_info_t aes_128_ccm_info = { "AES-128-CCM", 16, @@ -737,10 +731,9 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CCM_C || PSA_WANT_ALG_CCM */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { "AES-128-CCM*-NO-TAG", 16, @@ -775,7 +768,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CCM_C || PSA_WANT_ALG_CCM_STAR_NO_TAG */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG */ #endif /* MBEDTLS_AES_C */ @@ -2276,24 +2269,21 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info }, #endif #endif -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info }, { MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info }, #endif #endif -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, #endif #endif -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, @@ -2423,8 +2413,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_CAMELLIA_C) [MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info, #endif -#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES) [MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -2448,8 +2437,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_DES_C) [MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES) [MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index c85a4efa8..53cf12ff4 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -36,6 +36,42 @@ extern "C" { #endif +/* Support for GCM either through Mbed TLS SW implementation or PSA */ +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#define MBEDTLS_CIPHER_HAVE_GCM +#endif + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_CIPHER_HAVE_GCM_AES +#endif + +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#define MBEDTLS_CIPHER_HAVE_CCM +#endif + +#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_CIPHER_HAVE_CCM_AES +#endif + +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) +#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY +#endif + +#if defined(MBEDTLS_CIPHER_HAVE_GCM) || defined(MBEDTLS_CIPHER_HAVE_CCM) || \ + defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) || defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) +#define MBEDTLS_CIPHER_HAVE_SOME_AEAD +#endif + /** * Base cipher information. The non-mode specific functions and values. */ diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index fdf22a92f..da43fda19 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -6,7 +6,7 @@ #include "mbedtls/gcm.h" #endif -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_AUTH_CRYPT #endif