mbedtls: Allow use of XTS functions

Add a few Kconfig options to support XTS (XEX Tweakable Block Ciphertext Stealing). Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com>
2025-11-11 03:37:10 -07:00
parent 39a81c884d
commit 5830ac688e
2 changed files with 11 additions and 0 deletions
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -37,6 +37,10 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/hkdf.o
 mbedtls_lib_crypto-$(CONFIG_$(PHASE_)PKCS5_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/pkcs5.o
+mbedtls_lib_crypto-$(CONFIG_$(PHASE_)BLK_LUKS) += \
+	$(MBEDTLS_LIB_DIR)/aes.o \
+	$(MBEDTLS_LIB_DIR)/cipher.o \
+	$(MBEDTLS_LIB_DIR)/cipher_wrap.o

 # MbedTLS X509 library
 obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
--- a/lib/mbedtls/mbedtls_def_config.h
+++ b/lib/mbedtls/mbedtls_def_config.h
@@ -64,6 +64,12 @@
 #define MBEDTLS_PKCS5_C
 #endif

+#if CONFIG_IS_ENABLED(BLK_LUKS)
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CIPHER_MODE_XTS
+#define MBEDTLS_AES_C
+#endif
+
 #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)

 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
@@ -104,6 +110,7 @@
 #define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_TLS_C
 #define MBEDTLS_CIPHER_C
+#define MBEDTLS_CIPHER_MODE_XTS
 #define MBEDTLS_MD_C
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_AES_C