[U-Boot] [PATCH V2 0/4] aes: add support for aes192 and aes256

[U-Boot] [PATCH V2 0/4] aes: add support for aes192 and aes256

[Philippe Reynes]

This serie add the support of aes192 and aes256.
This first commit clean a bit the code, and introduce
a constant for the block (instead of using the key size).
The second commit add the support of aes192 and aes256
to the lib and the cmd. The third update the code of
crypto for tegra20, and the forth one add tests in 
pytest for aes192 and aes256.

Philippe Reynes (4):
  aes: add a define for the size of a block
  aes: add support of aes192 and aes256
  tegra20: crypto: update code to use new aes api
  pytest: aes: add test for aes192 and aes256

 arch/arm/mach-tegra/tegra20/crypto.c |  41 ++++++------
 cmd/aes.c                            |  40 ++++++++----
 include/uboot_aes.h                  |  39 ++++++++----
 lib/aes.c                            | 111 ++++++++++++++++++++------------
 test/py/tests/test_aes.py            | 118 +++++++++++++++++++++++++++--------
 5 files changed, 237 insertions(+), 112 deletions(-)

-- 
2.7.4

[U-Boot] [PATCH V2 1/4] aes: add a define for the size of a block

[Philippe Reynes]

In the code, we use the size of the key for the
size of the block. It's true when the key is 128 bits,
but it become false for key of 192 bits and 256 bits.
So to prepare the support of aes192  and 256,
we introduce a constant for the iaes block size.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 cmd/aes.c           |  2 +-
 include/uboot_aes.h |  5 +++--
 lib/aes.c           | 34 +++++++++++++++++-----------------
 3 files changed, 21 insertions(+), 20 deletions(-)

Changelog:
v2:
- no change

diff --git a/cmd/aes.c b/cmd/aes.c
index 8c61cee..24b0256 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -56,7 +56,7 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	aes_expand_key(key_ptr, key_exp);
 
 	/* Calculate the number of AES blocks to encrypt. */
-	aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
 
 	if (enc)
 		aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 2fda384..1ae3ac9 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -18,7 +18,7 @@ typedef unsigned int u32;
  * AES encryption library, with small code size, supporting only 128-bit AES
  *
  * AES is a stream cipher which works a block at a time, with each block
- * in this case being AES_KEY_LENGTH bytes.
+ * in this case being AES_BLOCK_LENGTH bytes.
  */
 
 enum {
@@ -28,6 +28,7 @@ enum {
 
 	AES_KEY_LENGTH	= 128 / 8,
 	AES_EXPAND_KEY_LENGTH	= 4 * AES_STATECOLS * (AES_ROUNDS + 1),
+	AES_BLOCK_LENGTH	= 128 / 8,
 };
 
 /**
@@ -62,7 +63,7 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
 /**
  * Apply chain data to the destination using EOR
  *
- * Each array is of length AES_KEY_LENGTH.
+ * Each array is of length AES_BLOCK_LENGTH.
  *
  * @cbc_chain_data	Chain data
  * @src			Source data
diff --git a/lib/aes.c b/lib/aes.c
index a12a192..cfa57b6 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -596,62 +596,62 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 {
 	int i;
 
-	for (i = 0; i < AES_KEY_LENGTH; i++)
+	for (i = 0; i < AES_BLOCK_LENGTH; i++)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }
 
 void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH];
+	u8 tmp_data[AES_BLOCK_LENGTH];
 	u8 *cbc_chain_data = iv;
 	u32 i;
 
 	for (i = 0; i < num_aes_blocks; i++) {
 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
-		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+		debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);
 
 		/* Apply the chain data */
 		aes_apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
-		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Encrypt the AES block */
 		aes_encrypt(tmp_data, key_exp, dst);
-		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
 		cbc_chain_data = dst;
-		src += AES_KEY_LENGTH;
-		dst += AES_KEY_LENGTH;
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
 	}
 }
 
 void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH];
+	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
 	/* Convenient array of 0's for IV */
-	u8 cbc_chain_data[AES_KEY_LENGTH];
+	u8 cbc_chain_data[AES_BLOCK_LENGTH];
 	u32 i;
 
-	memcpy(cbc_chain_data, iv, AES_KEY_LENGTH);
+	memcpy(cbc_chain_data, iv, AES_BLOCK_LENGTH);
 	for (i = 0; i < num_aes_blocks; i++) {
 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
-		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+		debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);
 
-		memcpy(tmp_block, src, AES_KEY_LENGTH);
+		memcpy(tmp_block, src, AES_BLOCK_LENGTH);
 
 		/* Decrypt the AES block */
 		aes_decrypt(src, key_exp, tmp_data);
-		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Apply the chain data */
 		aes_apply_cbc_chain_data(cbc_chain_data, tmp_data, dst);
-		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
-		memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH);
-		src += AES_KEY_LENGTH;
-		dst += AES_KEY_LENGTH;
+		memcpy(cbc_chain_data, tmp_block, AES_BLOCK_LENGTH);
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
 	}
 }
-- 
2.7.4

[U-Boot] [PATCH V2 2/4] aes: add support of aes192 and aes256

[Philippe Reynes]

Until now, we only support aes128. This commit add the support
of aes192 and aes256.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 cmd/aes.c           | 38 +++++++++++++++++---------
 include/uboot_aes.h | 34 +++++++++++++++--------
 lib/aes.c           | 77 +++++++++++++++++++++++++++++++++++++----------------
 3 files changed, 103 insertions(+), 46 deletions(-)

Changelog:
v2:
- fix the help for the aes command

diff --git a/cmd/aes.c b/cmd/aes.c
index 24b0256..8c5b42f 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -2,7 +2,7 @@
 /*
  * Copyright (C) 2014 Marek Vasut <marex@denx.de>
  *
- * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
  */
 
 #include <common.h>
@@ -13,6 +13,18 @@
 #include <linux/compiler.h>
 #include <mapmem.h>
 
+u32 aes_get_key_len(char *command)
+{
+	u32 key_len = AES128_KEY_LENGTH;
+
+	if (!strcmp(command, "aes.192"))
+		key_len = AES192_KEY_LENGTH;
+	else if (!strcmp(command, "aes.256"))
+		key_len = AES256_KEY_LENGTH;
+
+	return key_len;
+}
+
 /**
  * do_aes() - Handle the "aes" command-line command
  * @cmdtp:	Command data struct pointer
@@ -27,13 +39,15 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 {
 	uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
 	uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
-	uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
-	uint32_t aes_blocks;
+	u8 key_exp[AES256_EXPAND_KEY_LENGTH];
+	u32 aes_blocks, key_len;
 	int enc;
 
 	if (argc != 7)
 		return CMD_RET_USAGE;
 
+	key_len = aes_get_key_len(argv[0]);
+
 	if (!strncmp(argv[1], "enc", 3))
 		enc = 1;
 	else if (!strncmp(argv[1], "dec", 3))
@@ -47,23 +61,23 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	dst_addr = simple_strtoul(argv[5], NULL, 16);
 	len = simple_strtoul(argv[6], NULL, 16);
 
-	key_ptr = (uint8_t *)map_sysmem(key_addr, 128 / 8);
+	key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
 	iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8);
 	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
 	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
 
 	/* First we expand the key. */
-	aes_expand_key(key_ptr, key_exp);
+	aes_expand_key(key_ptr, key_len, key_exp);
 
 	/* Calculate the number of AES blocks to encrypt. */
 	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
 
 	if (enc)
-		aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
-				       aes_blocks);
+		aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
+				       dst_ptr, aes_blocks);
 	else
-		aes_cbc_decrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
-				       aes_blocks);
+		aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
+				       dst_ptr, aes_blocks);
 
 	unmap_sysmem(key_ptr);
 	unmap_sysmem(iv_ptr);
@@ -76,13 +90,13 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 /***************************************************/
 #ifdef CONFIG_SYS_LONGHELP
 static char aes_help_text[] =
-	"enc key iv src dst len - Encrypt block of data $len bytes long\n"
+	"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
 	"                             The $len size must be multiple of 16 bytes.\n"
 	"                             The $key and $iv must be 16 bytes long.\n"
-	"aes dec key iv src dst len - Decrypt block of data $len bytes long\n"
+	"aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
@@ -92,6 +106,6 @@ static char aes_help_text[] =
 
 U_BOOT_CMD(
 	aes, 7, 1, do_aes,
-	"AES 128 CBC encryption",
+	"AES 128/192/256 CBC encryption",
 	aes_help_text
 );
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 1ae3ac9..d2583be 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -23,11 +23,18 @@ typedef unsigned int u32;
 
 enum {
 	AES_STATECOLS	= 4,	/* columns in the state & expanded key */
-	AES_KEYCOLS	= 4,	/* columns in a key */
-	AES_ROUNDS	= 10,	/* rounds in encryption */
-
-	AES_KEY_LENGTH	= 128 / 8,
-	AES_EXPAND_KEY_LENGTH	= 4 * AES_STATECOLS * (AES_ROUNDS + 1),
+	AES128_KEYCOLS	= 4,	/* columns in a key for aes128 */
+	AES192_KEYCOLS	= 6,	/* columns in a key for aes128 */
+	AES256_KEYCOLS	= 8,	/* columns in a key for aes128 */
+	AES128_ROUNDS	= 10,	/* rounds in encryption for aes128 */
+	AES192_ROUNDS	= 12,	/* rounds in encryption for aes192 */
+	AES256_ROUNDS	= 14,	/* rounds in encryption for aes256 */
+	AES128_KEY_LENGTH	= 128 / 8,
+	AES192_KEY_LENGTH	= 192 / 8,
+	AES256_KEY_LENGTH	= 256 / 8,
+	AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1),
+	AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1),
+	AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1),
 	AES_BLOCK_LENGTH	= 128 / 8,
 };
 
@@ -37,28 +44,31 @@ enum {
  * Expand a key into a key schedule, which is then used for the other
  * operations.
  *
- * @key		Key, of length AES_KEY_LENGTH bytes
+ * @key		Key
+ * @key_size	Size of the key (in bits)
  * @expkey	Buffer to place expanded key, AES_EXPAND_KEY_LENGTH
  */
-void aes_expand_key(u8 *key, u8 *expkey);
+void aes_expand_key(u8 *key, u32 key_size, u8 *expkey);
 
 /**
  * aes_encrypt() - Encrypt single block of data with AES 128
  *
+ * @key_size	Size of the aes key (in bits)
  * @in		Input data
  * @expkey	Expanded key to use for encryption (from aes_expand_key())
  * @out		Output data
  */
-void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
+void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
 
 /**
  * aes_decrypt() - Decrypt single block of data with AES 128
  *
+ * @key_size	Size of the aes key (in bits)
  * @in		Input data
  * @expkey	Expanded key to use for decryption (from aes_expand_key())
  * @out		Output data
  */
-void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
 
 /**
  * Apply chain data to the destination using EOR
@@ -74,25 +84,27 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst);
 /**
  * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
  *
+ * @key_size		Size of the aes key (in bits)
  * @key_exp		Expanded key to use
  * @iv			Initialization vector
  * @src			Source data to encrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to encrypt
  */
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
 /**
  * Decrypt multiple blocks of data with AES CBC.
  *
+ * @key_size		Size of the aes key (in bits)
  * @key_exp		Expanded key to use
  * @iv			Initialization vector
  * @src			Source data to decrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to decrypt
  */
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
 #endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index cfa57b6..ce53c9f 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -508,50 +508,79 @@ static u8 rcon[11] = {
 	0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
 };
 
+static u32 aes_get_rounds(u32 key_len)
+{
+	u32 rounds = AES128_ROUNDS;
+
+	if (key_len == AES192_KEY_LENGTH)
+		rounds = AES192_ROUNDS;
+	else if (key_len == AES256_KEY_LENGTH)
+		rounds = AES256_ROUNDS;
+
+	return rounds;
+}
+
+static u32 aes_get_keycols(u32 key_len)
+{
+	u32 keycols = AES128_KEYCOLS;
+
+	if (key_len == AES192_KEY_LENGTH)
+		keycols = AES192_KEYCOLS;
+	else if (key_len == AES256_KEY_LENGTH)
+		keycols = AES256_KEYCOLS;
+
+	return keycols;
+}
+
 /* produce AES_STATECOLS bytes for each round */
-void aes_expand_key(u8 *key, u8 *expkey)
+void aes_expand_key(u8 *key, u32 key_len, u8 *expkey)
 {
 	u8 tmp0, tmp1, tmp2, tmp3, tmp4;
-	u32 idx;
+	u32 idx, aes_rounds, aes_keycols;
 
-	memcpy(expkey, key, AES_KEYCOLS * 4);
+	aes_rounds = aes_get_rounds(key_len);
+	aes_keycols = aes_get_keycols(key_len);
 
-	for (idx = AES_KEYCOLS; idx < AES_STATECOLS * (AES_ROUNDS + 1); idx++) {
+	memcpy(expkey, key, key_len);
+
+	for (idx = aes_keycols; idx < AES_STATECOLS * (aes_rounds + 1); idx++) {
 		tmp0 = expkey[4*idx - 4];
 		tmp1 = expkey[4*idx - 3];
 		tmp2 = expkey[4*idx - 2];
 		tmp3 = expkey[4*idx - 1];
-		if (!(idx % AES_KEYCOLS)) {
+		if (!(idx % aes_keycols)) {
 			tmp4 = tmp3;
 			tmp3 = sbox[tmp0];
-			tmp0 = sbox[tmp1] ^ rcon[idx / AES_KEYCOLS];
+			tmp0 = sbox[tmp1] ^ rcon[idx / aes_keycols];
 			tmp1 = sbox[tmp2];
 			tmp2 = sbox[tmp4];
-		} else if ((AES_KEYCOLS > 6) && (idx % AES_KEYCOLS == 4)) {
+		} else if ((aes_keycols > 6) && (idx % aes_keycols == 4)) {
 			tmp0 = sbox[tmp0];
 			tmp1 = sbox[tmp1];
 			tmp2 = sbox[tmp2];
 			tmp3 = sbox[tmp3];
 		}
 
-		expkey[4*idx+0] = expkey[4*idx - 4*AES_KEYCOLS + 0] ^ tmp0;
-		expkey[4*idx+1] = expkey[4*idx - 4*AES_KEYCOLS + 1] ^ tmp1;
-		expkey[4*idx+2] = expkey[4*idx - 4*AES_KEYCOLS + 2] ^ tmp2;
-		expkey[4*idx+3] = expkey[4*idx - 4*AES_KEYCOLS + 3] ^ tmp3;
+		expkey[4*idx+0] = expkey[4*idx - 4*aes_keycols + 0] ^ tmp0;
+		expkey[4*idx+1] = expkey[4*idx - 4*aes_keycols + 1] ^ tmp1;
+		expkey[4*idx+2] = expkey[4*idx - 4*aes_keycols + 2] ^ tmp2;
+		expkey[4*idx+3] = expkey[4*idx - 4*aes_keycols + 3] ^ tmp3;
 	}
 }
 
 /* encrypt one 128 bit block */
-void aes_encrypt(u8 *in, u8 *expkey, u8 *out)
+void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
-	u32 round;
+	u32 round, aes_rounds;
+
+	aes_rounds = aes_get_rounds(key_len);
 
 	memcpy(state, in, AES_STATECOLS * 4);
 	add_round_key((u32 *)state, (u32 *)expkey);
 
-	for (round = 1; round < AES_ROUNDS + 1; round++) {
-		if (round < AES_ROUNDS)
+	for (round = 1; round < aes_rounds + 1; round++) {
+		if (round < aes_rounds)
 			mix_sub_columns(state);
 		else
 			shift_rows(state);
@@ -563,18 +592,20 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out)
 	memcpy(out, state, sizeof(state));
 }
 
-void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
+void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
-	int round;
+	int round, aes_rounds;
+
+	aes_rounds = aes_get_rounds(key_len);
 
 	memcpy(state, in, sizeof(state));
 
 	add_round_key((u32 *)state,
-		      (u32 *)expkey + AES_ROUNDS * AES_STATECOLS);
+		      (u32 *)expkey + aes_rounds * AES_STATECOLS);
 	inv_shift_rows(state);
 
-	for (round = AES_ROUNDS; round--; ) {
+	for (round = aes_rounds; round--; ) {
 		add_round_key((u32 *)state,
 			      (u32 *)expkey + round * AES_STATECOLS);
 		if (round)
@@ -600,7 +631,7 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }
 
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH];
@@ -616,7 +647,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Encrypt the AES block */
-		aes_encrypt(tmp_data, key_exp, dst);
+		aes_encrypt(key_len, tmp_data, key_exp, dst);
 		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
@@ -626,7 +657,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 	}
 }
 
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
@@ -642,7 +673,7 @@ void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 		memcpy(tmp_block, src, AES_BLOCK_LENGTH);
 
 		/* Decrypt the AES block */
-		aes_decrypt(src, key_exp, tmp_data);
+		aes_decrypt(key_len, src, key_exp, tmp_data);
 		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Apply the chain data */
-- 
2.7.4

[U-Boot] [PATCH V2 3/4] tegra20: crypto: update code to use new aes api

[Philippe Reynes]

This commit update tge driver crypto for tegra20
to use the new aes api.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 19 deletions(-)

Changelog:
v2:
- add a really simple commit text

diff --git a/arch/arm/mach-tegra/tegra20/crypto.c b/arch/arm/mach-tegra/tegra20/crypto.c
index 66fbc3b..b91191e 100644
--- a/arch/arm/mach-tegra/tegra20/crypto.c
+++ b/arch/arm/mach-tegra/tegra20/crypto.c
@@ -39,34 +39,35 @@ static void left_shift_vector(u8 *in, u8 *out, int size)
 /**
  * Sign a block of data, putting the result into dst.
  *
- * \param key			Input AES key, length AES_KEY_LENGTH
+ * \param key			Input AES key, length AES128_KEY_LENGTH
  * \param key_schedule		Expanded key to use
  * \param src			Source data of length 'num_aes_blocks' blocks
- * \param dst			Destination buffer, length AES_KEY_LENGTH
+ * \param dst			Destination buffer, length AES128_KEY_LENGTH
  * \param num_aes_blocks	Number of AES blocks to encrypt
  */
 static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
 			u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH];
-	u8 iv[AES_KEY_LENGTH] = {0};
-	u8 left[AES_KEY_LENGTH];
-	u8 k1[AES_KEY_LENGTH];
+	u8 tmp_data[AES128_KEY_LENGTH];
+	u8 iv[AES128_KEY_LENGTH] = {0};
+	u8 left[AES128_KEY_LENGTH];
+	u8 k1[AES128_KEY_LENGTH];
 	u8 *cbc_chain_data;
 	unsigned i;
 
 	cbc_chain_data = zero_key;	/* Convenient array of 0's for IV */
 
 	/* compute K1 constant needed by AES-CMAC calculation */
-	for (i = 0; i < AES_KEY_LENGTH; i++)
+	for (i = 0; i < AES128_KEY_LENGTH; i++)
 		tmp_data[i] = 0;
 
-	aes_cbc_encrypt_blocks(key_schedule, iv, tmp_data, left, 1);
+	aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv,
+			       tmp_data, left, 1);
 
 	left_shift_vector(left, k1, sizeof(left));
 
 	if ((left[0] >> 7) != 0) /* get MSB of L */
-		k1[AES_KEY_LENGTH-1] ^= AES_CMAC_CONST_RB;
+		k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;
 
 	/* compute the AES-CMAC value */
 	for (i = 0; i < num_aes_blocks; i++) {
@@ -78,31 +79,32 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
 			aes_apply_cbc_chain_data(tmp_data, k1, tmp_data);
 
 		/* encrypt the AES block */
-		aes_encrypt(tmp_data, key_schedule, dst);
+		aes_encrypt(AES128_KEY_LENGTH, tmp_data,
+			    key_schedule, dst);
 
 		debug("sign_obj: block %d of %d\n", i, num_aes_blocks);
 
 		/* Update pointers for next loop. */
 		cbc_chain_data = dst;
-		src += AES_KEY_LENGTH;
+		src += AES128_KEY_LENGTH;
 	}
 }
 
 /**
  * Encrypt and sign a block of data (depending on security mode).
  *
- * \param key		Input AES key, length AES_KEY_LENGTH
+ * \param key		Input AES key, length AES128_KEY_LENGTH
  * \param oper		Security operations mask to perform (enum security_op)
  * \param src		Source data
  * \param length	Size of source data
- * \param sig_dst	Destination address for signature, AES_KEY_LENGTH bytes
+ * \param sig_dst	Destination address for signature, AES128_KEY_LENGTH bytes
  */
 static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
 			    u32 length, u8 *sig_dst)
 {
 	u32 num_aes_blocks;
-	u8 key_schedule[AES_EXPAND_KEY_LENGTH];
-	u8 iv[AES_KEY_LENGTH] = {0};
+	u8 key_schedule[AES128_EXPAND_KEY_LENGTH];
+	u8 iv[AES128_KEY_LENGTH] = {0};
 
 	debug("encrypt_and_sign: length = %d\n", length);
 
@@ -110,15 +112,16 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
 	 * The only need for a key is for signing/checksum purposes, so
 	 * if not encrypting, expand a key of 0s.
 	 */
-	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, key_schedule);
+	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key,
+		       AES128_KEY_LENGTH, key_schedule);
 
-	num_aes_blocks = (length + AES_KEY_LENGTH - 1) / AES_KEY_LENGTH;
+	num_aes_blocks = (length + AES128_KEY_LENGTH - 1) / AES128_KEY_LENGTH;
 
 	if (oper & SECURITY_ENCRYPT) {
 		/* Perform this in place, resulting in src being encrypted. */
 		debug("encrypt_and_sign: begin encryption\n");
-		aes_cbc_encrypt_blocks(key_schedule, iv, src, src,
-				       num_aes_blocks);
+		aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src,
+				       src, num_aes_blocks);
 		debug("encrypt_and_sign: end encryption\n");
 	}
 
-- 
2.7.4

[U-Boot] [PATCH V2 4/4] pytest: aes: add test for aes192 and aes256

[Philippe Reynes]

This commit update the aes tests to check the
aes192 and aes256.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/py/tests/test_aes.py | 118 +++++++++++++++++++++++++++++++++++-----------
 1 file changed, 91 insertions(+), 27 deletions(-)

Changelog:
v2:
- add a really simple commit text
- re-write the test with the new version of test for aes128
- add a test to check that results of aes128/192/256 are differents

diff --git a/test/py/tests/test_aes.py b/test/py/tests/test_aes.py
index 01d514e..8f4cad3 100644
--- a/test/py/tests/test_aes.py
+++ b/test/py/tests/test_aes.py
@@ -11,82 +11,132 @@ def test_aes(u_boot_console):
     cipher and uncipher a random data
     """
 
-    def generate_key_iv_data():
+    class Seed:
+        def __init__(self):
+            self.seed = 0
+
+        def get(self):
+            self.seed = self.seed + 1
+            return self.seed
+
+    def generate_random_data(addr, size):
+        output = cons.run_command('random %d 0x%x %x' % (addr, size, seed.get()))
+        assert('%d bytes filled with random data' % size in ''.join(output))
+
+    def generate_key_iv_data(key_size):
         # Generate random key
-        output = cons.run_command('random 1000 0x10 0')
-        assert('16 bytes filled with random data' in ''.join(output))
+        generate_random_data(1000, key_size)
 
         # Generate random IV
-        output = cons.run_command('random 2000 0x10 0')
-        assert('16 bytes filled with random data' in ''.join(output))
+        generate_random_data(2000, 16)
 
         # Generate random data
-        output = cons.run_command('random 3000 0x20 0')
-        assert('32 bytes filled with random data' in ''.join(output))
+        generate_random_data(3000, 32)
+
+    def test_nominal(aes_size):
+        key_size = aes_size / 8
 
-    def test_nominal():
         # Generate random key, iv and data
-        generate_key_iv_data()
+        generate_key_iv_data(key_size)
 
         # Encrypt random data
-        output = cons.run_command('aes enc 1000 2000 3000 4000 0x20')
+        output = cons.run_command('aes.%d enc 1000 2000 3000 4000 0x20' % aes_size)
 
         # Check that ciphered data are different than unciphered data
         output = cons.run_command('cmp.b 3000 4000 0x20')
         assert('Total of 0 byte(s) were the same' in ''.join(output))
 
         # Decrypt ciphered data
-        output = cons.run_command('aes dec 1000 2000 4000 5000 0x20')
+        output = cons.run_command('aes.%d dec 1000 2000 4000 5000 0x20' % aes_size)
 
         # Check that unciphered data are the same than initial data
         output = cons.run_command('cmp.b 3000 5000 0x20')
         assert('Total of 32 byte(s) were the same' in ''.join(output))
 
-    def test_corrupted_key(seed):
+    def test_corrupted_key(aes_size):
+        key_size = aes_size / 8
+
         # Generate random key, iv and data
-        generate_key_iv_data()
+        generate_key_iv_data(key_size)
 
         # Encrypt random data
-        output = cons.run_command('aes enc 1000 2000 3000 4000 0x20')
+        output = cons.run_command('aes.%d enc 1000 2000 3000 4000 0x20' % aes_size)
 
         # Check that ciphered data are different than unciphered data
         output = cons.run_command('cmp.b 3000 4000 0x20')
         assert('Total of 0 byte(s) were the same' in ''.join(output))
 
         # Corrupt the key (simply generate a new one)
-        output = cons.run_command('random 1000 0x10 %d' % seed)
-        assert('16 bytes filled with random data' in ''.join(output))
+        generate_random_data(1000, key_size)
 
         # Decrypt ciphered data
-        output = cons.run_command('aes dec 1000 2000 4000 5000 0x20')
+        output = cons.run_command('aes.%d dec 1000 2000 4000 5000 0x20' % aes_size)
 
         # Check that unciphered data are different than initial data
         output = cons.run_command('cmp.b 3000 5000 0x20')
         assert('Total of 32 byte(s) were the same' not in ''.join(output))
 
-    def test_corrupted_iv(seed):
+    def test_corrupted_iv(aes_size):
         # Generate random key, iv and data
-        generate_key_iv_data()
+        generate_key_iv_data(aes_size / 8)
 
         # Encrypt random data
-        output = cons.run_command('aes enc 1000 2000 3000 4000 0x20')
+        output = cons.run_command('aes.%d enc 1000 2000 3000 4000 0x20' % aes_size)
 
         # Check that ciphered data are different than unciphered data
         output = cons.run_command('cmp.b 3000 4000 0x20')
         assert('Total of 0 byte(s) were the same' in ''.join(output))
 
         # Corrupt the iv (simply generate a new one)
-        output = cons.run_command('random 2000 0x10 %d' % seed)
-        assert('16 bytes filled with random data' in ''.join(output))
+        generate_random_data(2000, 16)
 
         # Decrypt ciphered data
-        output = cons.run_command('aes dec 1000 2000 4000 5000 0x20')
+        output = cons.run_command('aes.%d dec 1000 2000 4000 5000 0x20' % aes_size)
 
         # Check that unciphered data are different than initial data
         output = cons.run_command('cmp.b 3000 5000 0x20')
         assert('Total of 32 byte(s) were the same' not in ''.join(output))
 
+    def test_different_size():
+        # Generate random key, iv and data
+        generate_key_iv_data(256 / 8)
+
+        # Encrypt random data with aes128
+        output = cons.run_command('aes.%d enc 1000 2000 3000 4000 0x20' % 128)
+
+        # Check that ciphered data are different than unciphered data
+        output = cons.run_command('cmp.b 3000 4000 0x20')
+        assert('Total of 0 byte(s) were the same' in ''.join(output))
+
+        # Encrypt random data with aes192
+        output = cons.run_command('aes.%d enc 1000 2000 3000 5000 0x20' % 192)
+
+        # Check that ciphered data are different than unciphered data
+        output = cons.run_command('cmp.b 3000 5000 0x20')
+        assert('Total of 0 byte(s) were the same' in ''.join(output))
+
+        # Encrypt random data with aes256
+        output = cons.run_command('aes.%d enc 1000 2000 3000 6000 0x20' % 256)
+
+        # Check that ciphered data are different than initial data
+        output = cons.run_command('cmp.b 3000 6000 0x20')
+        assert('Total of 0 byte(s) were the same' in ''.join(output))
+
+        # Check that result of aes128 is different thant aes192
+        output = cons.run_command('cmp.b 4000 5000 0x20')
+        assert('Total of 32 byte(s) were the same' not in ''.join(output))
+
+        # Check that result of aes128 is different thant aes256
+        output = cons.run_command('cmp.b 4000 6000 0x20')
+        assert('Total of 32 byte(s) were the same' not in ''.join(output))
+
+        # Check that result of aes192 is different thant aes256
+        output = cons.run_command('cmp.b 5000 6000 0x20')
+        assert('Total of 32 byte(s) were the same' not in ''.join(output))
+
+
     cons = u_boot_console
+    seed = Seed()
 
     # Check that the option cmd_aes is enabled in the config
     if cons.config.buildconfig.get('config_cmd_aes', 'n') != 'y':
@@ -94,8 +144,22 @@ def test_aes(u_boot_console):
 
     # Send a command with no argument ...
     output = cons.run_command('aes')
-    assert('AES 128 CBC encryption' in ''.join(output))
+    assert('AES 128/192/256 CBC encryption' in ''.join(output))
+
+    # test aes128
+    test_nominal(128)
+    test_corrupted_key(128)
+    test_corrupted_iv(128)
+
+    # test aes192
+    test_nominal(192)
+    test_corrupted_key(192)
+    test_corrupted_iv(192)
+
+    # test aes256
+    test_nominal(256)
+    test_corrupted_key(256)
+    test_corrupted_iv(256)
 
-    test_nominal()
-    test_corrupted_key(666)
-    test_corrupted_iv(666)
+    # test that each key size provide different result
+    test_different_size()
-- 
2.7.4

[U-Boot] [PATCH V2 1/4] aes: add a define for the size of a block

[Simon Glass]

On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> In the code, we use the size of the key for the
> size of the block. It's true when the key is 128 bits,
> but it become false for key of 192 bits and 256 bits.
> So to prepare the support of aes192  and 256,
> we introduce a constant for the iaes block size.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  cmd/aes.c           |  2 +-
>  include/uboot_aes.h |  5 +++--
>  lib/aes.c           | 34 +++++++++++++++++-----------------
>  3 files changed, 21 insertions(+), 20 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH V2 3/4] tegra20: crypto: update code to use new aes api

[Simon Glass]

On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit update tge driver crypto for tegra20
> to use the new aes api.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++++++++++++++-----------------
>  1 file changed, 22 insertions(+), 19 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>


>
> Changelog:
> v2:
> - add a really simple commit text

[U-Boot] [PATCH V2 2/4] aes: add support of aes192 and aes256

[Simon Glass]

On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> Until now, we only support aes128. This commit add the support
> of aes192 and aes256.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  cmd/aes.c           | 38 +++++++++++++++++---------
>  include/uboot_aes.h | 34 +++++++++++++++--------
>  lib/aes.c           | 77 +++++++++++++++++++++++++++++++++++++----------------
>  3 files changed, 103 insertions(+), 46 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH V2 4/4] pytest: aes: add test for aes192 and aes256

[Simon Glass]

Hi Philippe,

On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit update the aes tests to check the
> aes192 and aes256.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/py/tests/test_aes.py | 118 +++++++++++++++++++++++++++++++++++-----------
>  1 file changed, 91 insertions(+), 27 deletions(-)

Any way we could write these tests in C?

>
> Changelog:
> v2:
> - add a really simple commit text
> - re-write the test with the new version of test for aes128
> - add a test to check that results of aes128/192/256 are differents


Regards,
SImon

[U-Boot] [PATCH V2 4/4] pytest: aes: add test for aes192 and aes256

[Philippe REYNES]

Hi Simonn

> Hi Philippe,
> 
> On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
> <philippe.reynes@softathome.com> wrote:
>> 
>> This commit update the aes tests to check the
>> aes192 and aes256.
>> 
>> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
>> ---
>> test/py/tests/test_aes.py | 118 +++++++++++++++++++++++++++++++++++-----------
>> 1 file changed, 91 insertions(+), 27 deletions(-)
> 
> Any way we could write these tests in C?

I'm not sure to understand. Do you mean 
- write this code in C and then call it from python (in pytest) ?
- write this test in C to implement a ut command (like UT_TIME) ?

>> 
>> Changelog:
>> v2:
>> - add a really simple commit text
>> - re-write the test with the new version of test for aes128
>> - add a test to check that results of aes128/192/256 are differents
> 
> 
> Regards,
> SImon

Regards,
Philippe

[PATCH V2 4/4] pytest: aes: add test for aes192 and aes256

[Simon Glass]

Hi Philippe,

On Thu, 31 Oct 2019 at 07:33, Philippe REYNES
<philippe.reynes@softathome.com> wrote:
>
> Hi Simonn
>
> > Hi Philippe,
> >
> > On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
> > <philippe.reynes@softathome.com> wrote:
> >>
> >> This commit update the aes tests to check the
> >> aes192 and aes256.
> >>
> >> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> >> ---
> >> test/py/tests/test_aes.py | 118 +++++++++++++++++++++++++++++++++++-----------
> >> 1 file changed, 91 insertions(+), 27 deletions(-)
> >
> > Any way we could write these tests in C?
>
> I'm not sure to understand. Do you mean
> - write this code in C and then call it from python (in pytest) ?
> - write this test in C to implement a ut command (like UT_TIME) ?

I think I mean both. Write the test in C as a 'ut ae' command, for
example, then call it from a pytest. It should be much faster.

Regards,
Simon

[PATCH V2 4/4] pytest: aes: add test for aes192 and aes256

[Philippe REYNES]

Hi Simon,

> Hi Philippe,
> 
> On Thu, 31 Oct 2019 at 07:33, Philippe REYNES
> <philippe.reynes@softathome.com> wrote:
>> 
>> Hi Simonn
>> 
>> > Hi Philippe,
>> > 
>> > On Tue, 29 Oct 2019 at 11:29, Philippe Reynes
>> > <philippe.reynes@softathome.com> wrote:
>> >> 
>> >> This commit update the aes tests to check the
>> >> aes192 and aes256.
>> >> 
>> >> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
>> >> ---
>> >> test/py/tests/test_aes.py | 118 +++++++++++++++++++++++++++++++++++-----------
>> >> 1 file changed, 91 insertions(+), 27 deletions(-)
>> > 
>> > Any way we could write these tests in C?
>> 
>> I'm not sure to understand. Do you mean
>> - write this code in C and then call it from python (in pytest) ?
>> - write this test in C to implement a ut command (like UT_TIME) ?
> 
> I think I mean both. Write the test in C as a 'ut ae' command, for
> example, then call it from a pytest. It should be much faster.

Sorry for this late answer, and thanks for the clarification. 

I've sent a V3 few weeks ago with a test using ut command.
Then, this test is automaticaly executed in pytest when
runnning ut_subtest.

> Regards,
> Simon

Regards,
Philippe