Make AES optional and remove "Public API" from headers

CMakeLists.txt

@@ -25,8 +25,6 @@ set(src
 	src/sm9_lib.c
 	src/zuc.c
 	src/zuc_modes.c
-	src/aes.c
-	src/aes_modes.c
 	src/hash_drbg.c
 	src/block_cipher.c
 	src/digest.c
@@ -123,7 +121,6 @@ set(tests
 	sm2
 	sm9
 	zuc
-	aes
 	hash_drbg
 	block_cipher
 	digest
@@ -304,6 +301,14 @@ if (ENABLE_SHA2)
 endif()
 
 
+option(ENABLE_AES "Enable AES" ON)
+if (ENABLE_AES)
+	message(STATUS "ENABLE_AES is ON")
+	list(APPEND src src/aes.c src/aes_modes.c)
+	list(APPEND tests aes)
+endif()
+
+
 option(ENABLE_CHACHA20 "Enable Chacha20" OFF)
 if (ENABLE_CHACHA20)
 	message(STATUS "ENABLE_CHACHA20 is ON")

include/gmssl/base64.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -19,19 +19,6 @@
 extern "C" {
 #endif
 
-/*
-BASE64 Public API
-
-	BASE64_CTX
-	base64_encode_init
-	base64_encode_update
-	base64_encode_finish
-	base64_decode_init
-	base64_decode_update
-	base64_decode_finish
-
-*/
-
 
 typedef struct {
     /* number saved in a partial encode/decode */

include/gmssl/block_cipher.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,9 +7,6 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
 #ifndef GMSSL_BLOCK_CIPHER_H
 #define GMSSL_BLOCK_CIPHER_H
 
@@ -17,8 +14,10 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <gmssl/aes.h>
 #include <gmssl/sm4.h>
+#ifdef ENABLE_AES
+#include <gmssl/aes.h>
+#endif
 
 
 #ifdef __cplusplus
@@ -37,7 +36,9 @@ typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
 struct BLOCK_CIPHER_KEY {
 	union {
 		SM4_KEY sm4_key;
+#ifdef ENABLE_AES
 		AES_KEY aes_key;
+#endif
 	} u;
 	const BLOCK_CIPHER *cipher;
 };
@@ -58,7 +59,9 @@ struct BLOCK_CIPHER {
 };
 
 const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
+#ifdef ENABLE_AES
 const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
+#endif
 
 const BLOCK_CIPHER *block_cipher_from_name(const char *name);
 const char *block_cipher_name(const BLOCK_CIPHER *cipher);

include/gmssl/pbkdf2.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -22,16 +22,6 @@
 extern "C" {
 #endif
 
-/*
-PBKDF2 Public API
-
-	PBKDF2_MIN_ITER
-	PBKDF2_DEFAULT_SALT_SIZE
-	PBKDF2_MAX_SALT_SIZE
-
-	pbkdf2_hmac_sm3_genkey
-*/
-
 
 #define PBKDF2_MIN_ITER			10000
 #define PBKDF2_MAX_ITER			(INT_MAX)

include/gmssl/sdf.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -20,23 +20,6 @@
 extern "C" {
 #endif
 
-/*
-SDF Public API
-
-	sdf_load_library
-	sdf_unload_library
-
-	SDF_DEVICE
-	sdf_open_device
-	sdf_close_device
-	sdf_print_device_info
-	sdf_rand_bytes
-	sdf_load_sign_key
-
-	SDF_KEY
-	sdf_sign
-	sdf_release_key
-*/
 
 typedef struct {
 	void *handle;

include/gmssl/skf.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -22,42 +22,6 @@ extern "C" {
 #endif
 
 
-/*
-SKF Public API
-
-	skf_load_library
-	skf_unload_library
-	skf_list_devices
-	skf_print_device_info
-
-	SKF_DEVICE
-	skf_open_device
-	skf_close_deivce
-	skf_set_label
-	skf_change_authkey
-	skf_list_apps
-	skf_create_app
-	skf_delete_app
-	skf_change_app_admin_pin
-	skf_change_app_user_pin
-	skf_unblock_user_pin
-	skf_list_objects
-	skf_import_object
-	skf_export_object
-	skf_delete_object
-	skf_list_containers
-	skf_create_container
-	skf_delete_container
-	skf_import_sign_cert
-	skf_export_sign_cert
-	skf_rand_bytes
-	skf_load_sign_key
-
-	SKF_KEY
-	skf_sign
-	skf_release_key
-*/
-
 typedef struct {
 	void *handle;
 	char manufacturer[65];

include/gmssl/sm2.h

@@ -23,41 +23,6 @@ extern "C" {
 #endif
 
 
-/*
-SM2 Public API
-
-	SM2_DEFAULT_ID
-	SM2_MAX_ID_LENGTH
-	SM2_MAX_SIGNATURE_SIZE
-	SM2_MAX_PLAINTEXT_SIZE
-	SM2_MAX_CIPHERTEXT_SIZE
-
-	SM2_KEY
-	sm2_key_generate
-	sm2_private_key_info_encrypt_to_der
-	sm2_private_key_info_decrypt_from_der
-	sm2_private_key_info_encrypt_to_pem
-	sm2_private_key_info_decrypt_from_pem
-	sm2_public_key_info_to_der
-	sm2_public_key_info_from_der
-	sm2_public_key_info_to_pem
-	sm2_public_key_info_from_pem
-
-	sm2_sign
-	sm2_verify
-	sm2_encrypt
-	sm2_decrypt
-	sm2_ecdh
-
-	SM2_SIGN_CTX
-	sm2_sign_init
-	sm2_sign_update
-	sm2_sign_finish
-	sm2_verify_init
-	sm2_verify_update
-	sm2_verify_finish
-*/
-
 typedef uint64_t SM2_BN[8];
 
 int sm2_bn_is_zero(const SM2_BN a);

include/gmssl/sm9.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -23,60 +23,6 @@
 extern "C" {
 #endif
 
-/*
-SM9 Public API
-
-	SM9_SIGNATURE_SIZE
-	SM9_MAX_PLAINTEXT_SIZE
-	SM9_MAX_CIPHERTEXT_SIZE
-
-	SM9_SIGN_MASTER_KEY
-	sm9_sign_master_key_generate
-	sm9_sign_master_key_extract_key
-	sm9_sign_master_key_info_encrypt_to_der
-	sm9_sign_master_key_info_decrypt_from_der
-	sm9_sign_master_key_info_encrypt_to_pem
-	sm9_sign_master_key_info_decrypt_from_pem
-	sm9_sign_master_public_key_to_der
-	sm9_sign_master_public_key_from_der
-	sm9_sign_master_public_key_to_pem
-	sm9_sign_master_public_key_from_pem
-
-	SM9_SIGN_KEY
-	sm9_sign_key_info_encrypt_to_der
-	sm9_sign_key_info_decrypt_from_der
-	sm9_sign_key_info_encrypt_to_pem
-	sm9_sign_key_info_decrypt_from_pem
-
-	SM9_SIGN_CTX
-	sm9_sign_init
-	sm9_sign_update
-	sm9_sign_finish
-	sm9_verify_init
-	sm9_verify_update
-	sm9_verify_finish
-
-	SM9_ENC_MASTER_KEY
-	sm9_enc_master_key_generate
-	sm9_enc_master_key_extract_key
-	sm9_enc_master_key_info_encrypt_to_der
-	sm9_enc_master_key_info_decrypt_from_der
-	sm9_enc_master_key_info_encrypt_to_pem
-	sm9_enc_master_key_info_decrypt_from_pem
-	sm9_enc_master_public_key_to_der
-	sm9_enc_master_public_key_from_der
-	sm9_enc_master_public_key_to_pem
-	sm9_enc_master_public_key_from_pem
-
-	SM9_ENC_KEY
-	sm9_enc_key_info_encrypt_to_der
-	sm9_enc_key_info_decrypt_from_der
-	sm9_enc_key_info_encrypt_to_pem
-	sm9_enc_key_info_decrypt_from_pem
-
-	sm9_encrypt
-	sm9_decrypt
-*/
 
 #define SM9_HEX_SEP '\n'
 

include/gmssl/tls.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -27,39 +27,6 @@ extern "C" {
 #endif
 
 
-/*
-TLS Public API
-
-	TLS_PROTOCOL
-	TLS_protocol_tlcp
-	TLS_protocol_tls12
-	TLS_protocol_tls13
-
-	TLS_CIPHER_SUITE
-	TLS_cipher_ecc_sm4_cbc_sm3
-	TLS_cipher_ecc_sm4_gcm_sm3
-	TLS_cipher_ecdhe_sm4_cbc_sm3
-	TLS_cipher_ecdhe_sm4_gcm_sm3
-	TLS_cipher_sm4_gcm_sm3
-
-	TLS_CTX
-	tls_ctx_init
-	tls_ctx_set_cipher_suites
-	tls_ctx_set_ca_certificates
-	tls_ctx_set_certificate_and_key
-	tls_ctx_set_tlcp_server_certificate_and_keys
-	tls_ctx_cleanup
-
-	TLS_CONNECT
-	tls_init
-	tls_set_socket
-	tls_do_handshake
-	tls_send
-	tls_recv
-	tls_shutdown
-	tls_cleanup
-*/
-
 typedef uint32_t uint24_t;
 
 #define tls_uint8_size()	1

include/gmssl/zuc.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -21,31 +21,6 @@ extern "C" {
 #endif
 
 
-/*
-ZUC Public API
-
-	ZUC_KEY_SIZE
-	ZUC_IV_SIZE
-	ZUC_MAC_SIZE
-
-	ZUC_CTX
-	zuc_encrypt_init
-	zuc_encrypt_update
-	zuc_encrypt_finish
-	zuc_decrypt_init
-	zuc_decrypt_update
-	zuc_decrypt_finish
-
-	ZUC_MAC_CTX
-	zuc_mac_init
-	zuc_mac_update
-	zuc_mac_finish
-
-	zuc_eea_encrypt
-	zuc_eia_generate_mac
-*/
-
-
 # define ZUC_KEY_SIZE	16
 # define ZUC_IV_SIZE	16
 # define ZUC_MAC_SIZE	4
@@ -124,8 +99,6 @@ void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len);
 void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);
 
 
-// Public API
-
 typedef struct {
 	ZUC_STATE zuc_state;
 	uint8_t block[4];

src/block_cipher.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -59,6 +59,7 @@ const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void) {
 	return &sm4_block_cipher_object;
 }
 
+#ifdef ENABLE_AES
 static int aes128_set_encrypt_key(AES_KEY *aes_key, const uint8_t key[16]) {
 	return aes_set_encrypt_key(aes_key, key, 16);
 }
@@ -80,3 +81,4 @@ static const BLOCK_CIPHER aes128_block_cipher_object = {
 const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void) {
 	return &aes128_block_cipher_object;
 }
+#endif // ENABLE_AES

src/gcm.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 #include <gmssl/gcm.h>
 #include <gmssl/oid.h>
 #include <gmssl/error.h>
-#include <gmssl/aes.h>
 #include <gmssl/endian.h>
 
 
@@ -178,11 +177,16 @@ int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
 			error_print();
 			return -1;
 		}
+#ifdef ENABLE_AES
 	} else if (key->cipher == BLOCK_CIPHER_aes128()) {
 		if (aes_gcm_encrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen,  in, inlen, out, taglen, tag) != 1) {
 			error_print();
 			return -1;
 		}
+#endif
+	} else {
+		error_print();
+		return -1;
 	}
 	return 1;
 }
@@ -196,11 +200,16 @@ int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
 			error_print();
 			return -1;
 		}
+#ifdef ENABLE_AES
 	} else if (key->cipher == BLOCK_CIPHER_aes128()) {
 		if (aes_gcm_decrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen,  in, inlen, tag, taglen, out) != 1) {
 			error_print();
 			return -1;
 		}
+#endif
+	} else {
+		error_print();
+		return -1;
 	}
 	return 1;
 }

src/tls13.c

@@ -1299,10 +1299,12 @@ int tls13_cipher_suite_get(int cipher_suite, const DIGEST **digest, const BLOCK_
 		*digest = DIGEST_sm3();
 		*cipher = BLOCK_CIPHER_sm4();
 		break;
+#if defined(ENABLE_AES) && defined(ENABLE_SHA2)
 	case TLS_cipher_aes_128_gcm_sha256:
 		*digest = DIGEST_sha256();
 		*cipher = BLOCK_CIPHER_aes128();
 		break;
+#endif
 	default:
 		error_print();
 		return -1;

tests/gcmtest.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -131,6 +131,7 @@ int test_gcm(void)
 	rand_bytes(aad, sizeof(aad));
 	rand_bytes(in, sizeof(in));
 
+#ifdef ENABLE_AES
 	memset(out, 0, sizeof(out));
 	memset(buf, 0, sizeof(buf));
 	memset(tag, 0, sizeof(tag));
@@ -151,6 +152,7 @@ int test_gcm(void)
 		error_print();
 		return -1;
 	}
+#endif // ENABLE_AES
 
 	memset(out, 0, sizeof(out));
 	memset(buf, 0, sizeof(buf));