From: Marek Vasut <marex@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code
Date: Thu, 6 Feb 2014 04:44:38 +0100 [thread overview]
Message-ID: <1391658280-24709-2-git-send-email-marex@denx.de> (raw)
In-Reply-To: <1391658280-24709-1-git-send-email-marex@denx.de>
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c
into lib/aes.c . This is well re-usable common code. Moreover, clean the code up
a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut <marex@denx.de>
---
arch/arm/cpu/tegra20-common/crypto.c | 72 +-----------------------------------
include/aes.h | 10 +++++
lib/aes.c | 59 +++++++++++++++++++++++++++++
3 files changed, 71 insertions(+), 70 deletions(-)
diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c
index 8209f76..b18e67c 100644
--- a/arch/arm/cpu/tegra20-common/crypto.c
+++ b/arch/arm/cpu/tegra20-common/crypto.c
@@ -19,74 +19,6 @@ enum security_op {
SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */
};
-static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
-{
- u32 i;
-
- debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
- for (i = 0; i < num_bytes; i++) {
- if (i % 16 == 0)
- debug(" = ");
- debug("%02x", data[i]);
- if ((i+1) % 16 != 0)
- debug(" ");
- }
- debug("\n");
-}
-
-/**
- * Apply chain data to the destination using EOR
- *
- * Each array is of length AES_AES_KEY_LENGTH.
- *
- * \param cbc_chain_data Chain data
- * \param src Source data
- * \param dst Destination data, which is modified here
- */
-static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
-{
- int i;
-
- for (i = 0; i < 16; i++)
- *dst++ = *src++ ^ *cbc_chain_data++;
-}
-
-/**
- * Encrypt some data with AES.
- *
- * \param key_schedule Expanded key to use
- * \param src Source data to encrypt
- * \param dst Destination buffer
- * \param num_aes_blocks Number of AES blocks to encrypt
- */
-static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
- u32 num_aes_blocks)
-{
- u8 tmp_data[AES_KEY_LENGTH];
- u8 *cbc_chain_data;
- u32 i;
-
- cbc_chain_data = zero_key; /* Convenient array of 0's for IV */
-
- for (i = 0; i < num_aes_blocks; i++) {
- debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
- debug_print_vector("AES Src", AES_KEY_LENGTH, src);
-
- /* Apply the chain data */
- apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
- debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
-
- /* encrypt the AES block */
- aes_encrypt(tmp_data, key_schedule, dst);
- debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
-
- /* Update pointers for next loop. */
- cbc_chain_data = dst;
- src += AES_KEY_LENGTH;
- dst += AES_KEY_LENGTH;
- }
-}
-
/**
* Shift a vector left by one bit
*
@@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
for (i = 0; i < AES_KEY_LENGTH; i++)
tmp_data[i] = 0;
- encrypt_object(key_schedule, tmp_data, left, 1);
+ aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1);
debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
left_shift_vector(left, k1, sizeof(left));
@@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
if (oper & SECURITY_ENCRYPT) {
/* Perform this in place, resulting in src being encrypted. */
debug("encrypt_and_sign: begin encryption\n");
- encrypt_object(key_schedule, src, src, num_aes_blocks);
+ aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks);
debug("encrypt_and_sign: end encryption\n");
}
diff --git a/include/aes.h b/include/aes.h
index c70eda6..d9bb387 100644
--- a/include/aes.h
+++ b/include/aes.h
@@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
*/
void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+/**
+ * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
+ *
+ * @key_exp Expanded key to use
+ * @src Source data to encrypt
+ * @dst Destination buffer
+ * @num_aes_blocks Number of AES blocks to encrypt
+ */
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+
#endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index e996b27..4df5dae 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
memcpy(out, state, sizeof(state));
}
+
+static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
+{
+ u32 i;
+
+ debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
+ for (i = 0; i < num_bytes; i++) {
+ if (i % 16 == 0)
+ debug(" = ");
+ debug("%02x", data[i]);
+ if ((i+1) % 16 != 0)
+ debug(" ");
+ }
+ debug("\n");
+}
+
+/**
+ * Apply chain data to the destination using EOR
+ *
+ * Each array is of length AES_AES_KEY_LENGTH.
+ *
+ * @cbc_chain_data Chain data
+ * @src Source data
+ * @dst Destination data, which is modified here
+ */
+static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
+{
+ int i;
+
+ for (i = 0; i < 16; i++)
+ *dst++ = *src++ ^ *cbc_chain_data++;
+}
+
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ u8 zero_key[AES_KEY_LENGTH] = { 0 };
+ u8 tmp_data[AES_KEY_LENGTH];
+ /* Convenient array of 0's for IV */
+ u8 *cbc_chain_data = zero_key;
+ u32 i;
+
+ for (i = 0; i < num_aes_blocks; i++) {
+ debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
+ debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+
+ /* Apply the chain data */
+ apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
+ debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+
+ /* Encrypt the AES block */
+ aes_encrypt(tmp_data, key_exp, dst);
+ debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+
+ /* Update pointers for next loop. */
+ cbc_chain_data = dst;
+ src += AES_KEY_LENGTH;
+ dst += AES_KEY_LENGTH;
+ }
+}
--
1.8.5.3
next prev parent reply other threads:[~2014-02-06 3:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-06 3:44 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
2014-02-06 3:44 ` Marek Vasut [this message]
2014-02-15 23:30 ` [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code Simon Glass
2014-03-05 19:03 ` Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC Marek Vasut
2014-02-15 23:27 ` [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1391658280-24709-2-git-send-email-marex@denx.de \
--to=marex@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.