[U-Boot] [PATCH V3 0/5] aes: add support for aes192 and aes256

[U-Boot] [PATCH V3 0/5] aes: add support for aes192 and aes256

[Philippe Reynes]

This serie add the support of aes192 and aes256.
This first commit clean a bit the code, and introduce
a constant for the block (instead of using the key size).
The second commit add the support of aes192 and aes256
to the lib and the cmd. The third update the code of
crypto for tegra20. The forth add a test unit for aes128,
and the sixth  add a test unit for aes 196 and aes256.

Philippe Reynes (5):
  aes: add a define for the size of a block
  aes: add support of aes192 and aes256
  tegra20: crypto: update code to use new aes api
  aes: add test unit for aes128
  aes: add test unit for aes196 and aes256

 arch/arm/mach-tegra/tegra20/crypto.c |  41 +++++----
 cmd/aes.c                            |  40 ++++++---
 include/uboot_aes.h                  |  39 +++++---
 lib/aes.c                            | 111 ++++++++++++++---------
 test/lib/Makefile                    |   1 +
 test/lib/test_aes.c                  | 166 +++++++++++++++++++++++++++++++++++
 6 files changed, 313 insertions(+), 85 deletions(-)
 create mode 100644 test/lib/test_aes.c

-- 
2.7.4

[U-Boot] [PATCH V3 1/5] aes: add a define for the size of a block

[Philippe Reynes]

In the code, we use the size of the key for the
size of the block. It's true when the key is 128 bits,
but it become false for key of 192 bits and 256 bits.
So to prepare the support of aes192  and 256,
we introduce a constant for the iaes block size.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 cmd/aes.c           |  2 +-
 include/uboot_aes.h |  5 +++--
 lib/aes.c           | 34 +++++++++++++++++-----------------
 3 files changed, 21 insertions(+), 20 deletions(-)

Changelog:
v3:
- no change
v2:
- no change

diff --git a/cmd/aes.c b/cmd/aes.c
index 8c61cee..24b0256 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -56,7 +56,7 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	aes_expand_key(key_ptr, key_exp);
 
 	/* Calculate the number of AES blocks to encrypt. */
-	aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
 
 	if (enc)
 		aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 2fda384..1ae3ac9 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -18,7 +18,7 @@ typedef unsigned int u32;
  * AES encryption library, with small code size, supporting only 128-bit AES
  *
  * AES is a stream cipher which works a block at a time, with each block
- * in this case being AES_KEY_LENGTH bytes.
+ * in this case being AES_BLOCK_LENGTH bytes.
  */
 
 enum {
@@ -28,6 +28,7 @@ enum {
 
 	AES_KEY_LENGTH	= 128 / 8,
 	AES_EXPAND_KEY_LENGTH	= 4 * AES_STATECOLS * (AES_ROUNDS + 1),
+	AES_BLOCK_LENGTH	= 128 / 8,
 };
 
 /**
@@ -62,7 +63,7 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
 /**
  * Apply chain data to the destination using EOR
  *
- * Each array is of length AES_KEY_LENGTH.
+ * Each array is of length AES_BLOCK_LENGTH.
  *
  * @cbc_chain_data	Chain data
  * @src			Source data
diff --git a/lib/aes.c b/lib/aes.c
index a12a192..cfa57b6 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -596,62 +596,62 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 {
 	int i;
 
-	for (i = 0; i < AES_KEY_LENGTH; i++)
+	for (i = 0; i < AES_BLOCK_LENGTH; i++)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }
 
 void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH];
+	u8 tmp_data[AES_BLOCK_LENGTH];
 	u8 *cbc_chain_data = iv;
 	u32 i;
 
 	for (i = 0; i < num_aes_blocks; i++) {
 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
-		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+		debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);
 
 		/* Apply the chain data */
 		aes_apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
-		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Encrypt the AES block */
 		aes_encrypt(tmp_data, key_exp, dst);
-		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
 		cbc_chain_data = dst;
-		src += AES_KEY_LENGTH;
-		dst += AES_KEY_LENGTH;
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
 	}
 }
 
 void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH];
+	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
 	/* Convenient array of 0's for IV */
-	u8 cbc_chain_data[AES_KEY_LENGTH];
+	u8 cbc_chain_data[AES_BLOCK_LENGTH];
 	u32 i;
 
-	memcpy(cbc_chain_data, iv, AES_KEY_LENGTH);
+	memcpy(cbc_chain_data, iv, AES_BLOCK_LENGTH);
 	for (i = 0; i < num_aes_blocks; i++) {
 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
-		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+		debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);
 
-		memcpy(tmp_block, src, AES_KEY_LENGTH);
+		memcpy(tmp_block, src, AES_BLOCK_LENGTH);
 
 		/* Decrypt the AES block */
 		aes_decrypt(src, key_exp, tmp_data);
-		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Apply the chain data */
 		aes_apply_cbc_chain_data(cbc_chain_data, tmp_data, dst);
-		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
-		memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH);
-		src += AES_KEY_LENGTH;
-		dst += AES_KEY_LENGTH;
+		memcpy(cbc_chain_data, tmp_block, AES_BLOCK_LENGTH);
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
 	}
 }
-- 
2.7.4

[U-Boot] [PATCH V3 2/5] aes: add support of aes192 and aes256

[Philippe Reynes]

Until now, we only support aes128. This commit add the support
of aes192 and aes256.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 cmd/aes.c           | 38 +++++++++++++++++---------
 include/uboot_aes.h | 34 +++++++++++++++--------
 lib/aes.c           | 77 +++++++++++++++++++++++++++++++++++++----------------
 3 files changed, 103 insertions(+), 46 deletions(-)

Changelog:
v3:
- no change
v2:
- fix the help for the aes command

diff --git a/cmd/aes.c b/cmd/aes.c
index 24b0256..8c5b42f 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -2,7 +2,7 @@
 /*
  * Copyright (C) 2014 Marek Vasut <marex@denx.de>
  *
- * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
  */
 
 #include <common.h>
@@ -13,6 +13,18 @@
 #include <linux/compiler.h>
 #include <mapmem.h>
 
+u32 aes_get_key_len(char *command)
+{
+	u32 key_len = AES128_KEY_LENGTH;
+
+	if (!strcmp(command, "aes.192"))
+		key_len = AES192_KEY_LENGTH;
+	else if (!strcmp(command, "aes.256"))
+		key_len = AES256_KEY_LENGTH;
+
+	return key_len;
+}
+
 /**
  * do_aes() - Handle the "aes" command-line command
  * @cmdtp:	Command data struct pointer
@@ -27,13 +39,15 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 {
 	uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
 	uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
-	uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
-	uint32_t aes_blocks;
+	u8 key_exp[AES256_EXPAND_KEY_LENGTH];
+	u32 aes_blocks, key_len;
 	int enc;
 
 	if (argc != 7)
 		return CMD_RET_USAGE;
 
+	key_len = aes_get_key_len(argv[0]);
+
 	if (!strncmp(argv[1], "enc", 3))
 		enc = 1;
 	else if (!strncmp(argv[1], "dec", 3))
@@ -47,23 +61,23 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	dst_addr = simple_strtoul(argv[5], NULL, 16);
 	len = simple_strtoul(argv[6], NULL, 16);
 
-	key_ptr = (uint8_t *)map_sysmem(key_addr, 128 / 8);
+	key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
 	iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8);
 	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
 	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
 
 	/* First we expand the key. */
-	aes_expand_key(key_ptr, key_exp);
+	aes_expand_key(key_ptr, key_len, key_exp);
 
 	/* Calculate the number of AES blocks to encrypt. */
 	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
 
 	if (enc)
-		aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
-				       aes_blocks);
+		aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
+				       dst_ptr, aes_blocks);
 	else
-		aes_cbc_decrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
-				       aes_blocks);
+		aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
+				       dst_ptr, aes_blocks);
 
 	unmap_sysmem(key_ptr);
 	unmap_sysmem(iv_ptr);
@@ -76,13 +90,13 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 /***************************************************/
 #ifdef CONFIG_SYS_LONGHELP
 static char aes_help_text[] =
-	"enc key iv src dst len - Encrypt block of data $len bytes long\n"
+	"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
 	"                             The $len size must be multiple of 16 bytes.\n"
 	"                             The $key and $iv must be 16 bytes long.\n"
-	"aes dec key iv src dst len - Decrypt block of data $len bytes long\n"
+	"aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
@@ -92,6 +106,6 @@ static char aes_help_text[] =
 
 U_BOOT_CMD(
 	aes, 7, 1, do_aes,
-	"AES 128 CBC encryption",
+	"AES 128/192/256 CBC encryption",
 	aes_help_text
 );
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 1ae3ac9..d2583be 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -23,11 +23,18 @@ typedef unsigned int u32;
 
 enum {
 	AES_STATECOLS	= 4,	/* columns in the state & expanded key */
-	AES_KEYCOLS	= 4,	/* columns in a key */
-	AES_ROUNDS	= 10,	/* rounds in encryption */
-
-	AES_KEY_LENGTH	= 128 / 8,
-	AES_EXPAND_KEY_LENGTH	= 4 * AES_STATECOLS * (AES_ROUNDS + 1),
+	AES128_KEYCOLS	= 4,	/* columns in a key for aes128 */
+	AES192_KEYCOLS	= 6,	/* columns in a key for aes128 */
+	AES256_KEYCOLS	= 8,	/* columns in a key for aes128 */
+	AES128_ROUNDS	= 10,	/* rounds in encryption for aes128 */
+	AES192_ROUNDS	= 12,	/* rounds in encryption for aes192 */
+	AES256_ROUNDS	= 14,	/* rounds in encryption for aes256 */
+	AES128_KEY_LENGTH	= 128 / 8,
+	AES192_KEY_LENGTH	= 192 / 8,
+	AES256_KEY_LENGTH	= 256 / 8,
+	AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1),
+	AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1),
+	AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1),
 	AES_BLOCK_LENGTH	= 128 / 8,
 };
 
@@ -37,28 +44,31 @@ enum {
  * Expand a key into a key schedule, which is then used for the other
  * operations.
  *
- * @key		Key, of length AES_KEY_LENGTH bytes
+ * @key		Key
+ * @key_size	Size of the key (in bits)
  * @expkey	Buffer to place expanded key, AES_EXPAND_KEY_LENGTH
  */
-void aes_expand_key(u8 *key, u8 *expkey);
+void aes_expand_key(u8 *key, u32 key_size, u8 *expkey);
 
 /**
  * aes_encrypt() - Encrypt single block of data with AES 128
  *
+ * @key_size	Size of the aes key (in bits)
  * @in		Input data
  * @expkey	Expanded key to use for encryption (from aes_expand_key())
  * @out		Output data
  */
-void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
+void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
 
 /**
  * aes_decrypt() - Decrypt single block of data with AES 128
  *
+ * @key_size	Size of the aes key (in bits)
  * @in		Input data
  * @expkey	Expanded key to use for decryption (from aes_expand_key())
  * @out		Output data
  */
-void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
 
 /**
  * Apply chain data to the destination using EOR
@@ -74,25 +84,27 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst);
 /**
  * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
  *
+ * @key_size		Size of the aes key (in bits)
  * @key_exp		Expanded key to use
  * @iv			Initialization vector
  * @src			Source data to encrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to encrypt
  */
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
 /**
  * Decrypt multiple blocks of data with AES CBC.
  *
+ * @key_size		Size of the aes key (in bits)
  * @key_exp		Expanded key to use
  * @iv			Initialization vector
  * @src			Source data to decrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to decrypt
  */
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
 #endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index cfa57b6..ce53c9f 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -508,50 +508,79 @@ static u8 rcon[11] = {
 	0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
 };
 
+static u32 aes_get_rounds(u32 key_len)
+{
+	u32 rounds = AES128_ROUNDS;
+
+	if (key_len == AES192_KEY_LENGTH)
+		rounds = AES192_ROUNDS;
+	else if (key_len == AES256_KEY_LENGTH)
+		rounds = AES256_ROUNDS;
+
+	return rounds;
+}
+
+static u32 aes_get_keycols(u32 key_len)
+{
+	u32 keycols = AES128_KEYCOLS;
+
+	if (key_len == AES192_KEY_LENGTH)
+		keycols = AES192_KEYCOLS;
+	else if (key_len == AES256_KEY_LENGTH)
+		keycols = AES256_KEYCOLS;
+
+	return keycols;
+}
+
 /* produce AES_STATECOLS bytes for each round */
-void aes_expand_key(u8 *key, u8 *expkey)
+void aes_expand_key(u8 *key, u32 key_len, u8 *expkey)
 {
 	u8 tmp0, tmp1, tmp2, tmp3, tmp4;
-	u32 idx;
+	u32 idx, aes_rounds, aes_keycols;
 
-	memcpy(expkey, key, AES_KEYCOLS * 4);
+	aes_rounds = aes_get_rounds(key_len);
+	aes_keycols = aes_get_keycols(key_len);
 
-	for (idx = AES_KEYCOLS; idx < AES_STATECOLS * (AES_ROUNDS + 1); idx++) {
+	memcpy(expkey, key, key_len);
+
+	for (idx = aes_keycols; idx < AES_STATECOLS * (aes_rounds + 1); idx++) {
 		tmp0 = expkey[4*idx - 4];
 		tmp1 = expkey[4*idx - 3];
 		tmp2 = expkey[4*idx - 2];
 		tmp3 = expkey[4*idx - 1];
-		if (!(idx % AES_KEYCOLS)) {
+		if (!(idx % aes_keycols)) {
 			tmp4 = tmp3;
 			tmp3 = sbox[tmp0];
-			tmp0 = sbox[tmp1] ^ rcon[idx / AES_KEYCOLS];
+			tmp0 = sbox[tmp1] ^ rcon[idx / aes_keycols];
 			tmp1 = sbox[tmp2];
 			tmp2 = sbox[tmp4];
-		} else if ((AES_KEYCOLS > 6) && (idx % AES_KEYCOLS == 4)) {
+		} else if ((aes_keycols > 6) && (idx % aes_keycols == 4)) {
 			tmp0 = sbox[tmp0];
 			tmp1 = sbox[tmp1];
 			tmp2 = sbox[tmp2];
 			tmp3 = sbox[tmp3];
 		}
 
-		expkey[4*idx+0] = expkey[4*idx - 4*AES_KEYCOLS + 0] ^ tmp0;
-		expkey[4*idx+1] = expkey[4*idx - 4*AES_KEYCOLS + 1] ^ tmp1;
-		expkey[4*idx+2] = expkey[4*idx - 4*AES_KEYCOLS + 2] ^ tmp2;
-		expkey[4*idx+3] = expkey[4*idx - 4*AES_KEYCOLS + 3] ^ tmp3;
+		expkey[4*idx+0] = expkey[4*idx - 4*aes_keycols + 0] ^ tmp0;
+		expkey[4*idx+1] = expkey[4*idx - 4*aes_keycols + 1] ^ tmp1;
+		expkey[4*idx+2] = expkey[4*idx - 4*aes_keycols + 2] ^ tmp2;
+		expkey[4*idx+3] = expkey[4*idx - 4*aes_keycols + 3] ^ tmp3;
 	}
 }
 
 /* encrypt one 128 bit block */
-void aes_encrypt(u8 *in, u8 *expkey, u8 *out)
+void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
-	u32 round;
+	u32 round, aes_rounds;
+
+	aes_rounds = aes_get_rounds(key_len);
 
 	memcpy(state, in, AES_STATECOLS * 4);
 	add_round_key((u32 *)state, (u32 *)expkey);
 
-	for (round = 1; round < AES_ROUNDS + 1; round++) {
-		if (round < AES_ROUNDS)
+	for (round = 1; round < aes_rounds + 1; round++) {
+		if (round < aes_rounds)
 			mix_sub_columns(state);
 		else
 			shift_rows(state);
@@ -563,18 +592,20 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out)
 	memcpy(out, state, sizeof(state));
 }
 
-void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
+void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
-	int round;
+	int round, aes_rounds;
+
+	aes_rounds = aes_get_rounds(key_len);
 
 	memcpy(state, in, sizeof(state));
 
 	add_round_key((u32 *)state,
-		      (u32 *)expkey + AES_ROUNDS * AES_STATECOLS);
+		      (u32 *)expkey + aes_rounds * AES_STATECOLS);
 	inv_shift_rows(state);
 
-	for (round = AES_ROUNDS; round--; ) {
+	for (round = aes_rounds; round--; ) {
 		add_round_key((u32 *)state,
 			      (u32 *)expkey + round * AES_STATECOLS);
 		if (round)
@@ -600,7 +631,7 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }
 
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH];
@@ -616,7 +647,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Encrypt the AES block */
-		aes_encrypt(tmp_data, key_exp, dst);
+		aes_encrypt(key_len, tmp_data, key_exp, dst);
 		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
@@ -626,7 +657,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 	}
 }
 
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
@@ -642,7 +673,7 @@ void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 		memcpy(tmp_block, src, AES_BLOCK_LENGTH);
 
 		/* Decrypt the AES block */
-		aes_decrypt(src, key_exp, tmp_data);
+		aes_decrypt(key_len, src, key_exp, tmp_data);
 		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Apply the chain data */
-- 
2.7.4

[U-Boot] [PATCH V3 3/5] tegra20: crypto: update code to use new aes api

[Philippe Reynes]

This commit update tge driver crypto for tegra20
to use the new aes api.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 19 deletions(-)

Changelog:
v3:
- no change
v2:
- add a really simple commit text

diff --git a/arch/arm/mach-tegra/tegra20/crypto.c b/arch/arm/mach-tegra/tegra20/crypto.c
index 66fbc3b..b91191e 100644
--- a/arch/arm/mach-tegra/tegra20/crypto.c
+++ b/arch/arm/mach-tegra/tegra20/crypto.c
@@ -39,34 +39,35 @@ static void left_shift_vector(u8 *in, u8 *out, int size)
 /**
  * Sign a block of data, putting the result into dst.
  *
- * \param key			Input AES key, length AES_KEY_LENGTH
+ * \param key			Input AES key, length AES128_KEY_LENGTH
  * \param key_schedule		Expanded key to use
  * \param src			Source data of length 'num_aes_blocks' blocks
- * \param dst			Destination buffer, length AES_KEY_LENGTH
+ * \param dst			Destination buffer, length AES128_KEY_LENGTH
  * \param num_aes_blocks	Number of AES blocks to encrypt
  */
 static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
 			u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH];
-	u8 iv[AES_KEY_LENGTH] = {0};
-	u8 left[AES_KEY_LENGTH];
-	u8 k1[AES_KEY_LENGTH];
+	u8 tmp_data[AES128_KEY_LENGTH];
+	u8 iv[AES128_KEY_LENGTH] = {0};
+	u8 left[AES128_KEY_LENGTH];
+	u8 k1[AES128_KEY_LENGTH];
 	u8 *cbc_chain_data;
 	unsigned i;
 
 	cbc_chain_data = zero_key;	/* Convenient array of 0's for IV */
 
 	/* compute K1 constant needed by AES-CMAC calculation */
-	for (i = 0; i < AES_KEY_LENGTH; i++)
+	for (i = 0; i < AES128_KEY_LENGTH; i++)
 		tmp_data[i] = 0;
 
-	aes_cbc_encrypt_blocks(key_schedule, iv, tmp_data, left, 1);
+	aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv,
+			       tmp_data, left, 1);
 
 	left_shift_vector(left, k1, sizeof(left));
 
 	if ((left[0] >> 7) != 0) /* get MSB of L */
-		k1[AES_KEY_LENGTH-1] ^= AES_CMAC_CONST_RB;
+		k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;
 
 	/* compute the AES-CMAC value */
 	for (i = 0; i < num_aes_blocks; i++) {
@@ -78,31 +79,32 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
 			aes_apply_cbc_chain_data(tmp_data, k1, tmp_data);
 
 		/* encrypt the AES block */
-		aes_encrypt(tmp_data, key_schedule, dst);
+		aes_encrypt(AES128_KEY_LENGTH, tmp_data,
+			    key_schedule, dst);
 
 		debug("sign_obj: block %d of %d\n", i, num_aes_blocks);
 
 		/* Update pointers for next loop. */
 		cbc_chain_data = dst;
-		src += AES_KEY_LENGTH;
+		src += AES128_KEY_LENGTH;
 	}
 }
 
 /**
  * Encrypt and sign a block of data (depending on security mode).
  *
- * \param key		Input AES key, length AES_KEY_LENGTH
+ * \param key		Input AES key, length AES128_KEY_LENGTH
  * \param oper		Security operations mask to perform (enum security_op)
  * \param src		Source data
  * \param length	Size of source data
- * \param sig_dst	Destination address for signature, AES_KEY_LENGTH bytes
+ * \param sig_dst	Destination address for signature, AES128_KEY_LENGTH bytes
  */
 static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
 			    u32 length, u8 *sig_dst)
 {
 	u32 num_aes_blocks;
-	u8 key_schedule[AES_EXPAND_KEY_LENGTH];
-	u8 iv[AES_KEY_LENGTH] = {0};
+	u8 key_schedule[AES128_EXPAND_KEY_LENGTH];
+	u8 iv[AES128_KEY_LENGTH] = {0};
 
 	debug("encrypt_and_sign: length = %d\n", length);
 
@@ -110,15 +112,16 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
 	 * The only need for a key is for signing/checksum purposes, so
 	 * if not encrypting, expand a key of 0s.
 	 */
-	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, key_schedule);
+	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key,
+		       AES128_KEY_LENGTH, key_schedule);
 
-	num_aes_blocks = (length + AES_KEY_LENGTH - 1) / AES_KEY_LENGTH;
+	num_aes_blocks = (length + AES128_KEY_LENGTH - 1) / AES128_KEY_LENGTH;
 
 	if (oper & SECURITY_ENCRYPT) {
 		/* Perform this in place, resulting in src being encrypted. */
 		debug("encrypt_and_sign: begin encryption\n");
-		aes_cbc_encrypt_blocks(key_schedule, iv, src, src,
-				       num_aes_blocks);
+		aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src,
+				       src, num_aes_blocks);
 		debug("encrypt_and_sign: end encryption\n");
 	}
 
-- 
2.7.4

[U-Boot] [PATCH V3 4/5] aes: add test unit for aes128

[Philippe Reynes]

This commit add test unit for aes128.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/lib/Makefile   |   1 +
 test/lib/test_aes.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 163 insertions(+)
 create mode 100644 test/lib/test_aes.c

Changelog:
v3:
- new patch in this serie (in the previous version, the test to
  aes was added to pytest, now, we add test unit for aes as proposed by Simon)

diff --git a/test/lib/Makefile b/test/lib/Makefile
index b13aaca..53c896a 100644
--- a/test/lib/Makefile
+++ b/test/lib/Makefile
@@ -7,3 +7,4 @@ obj-y += hexdump.o
 obj-y += lmb.o
 obj-y += string.o
 obj-$(CONFIG_ERRNO_STR) += test_errno_str.o
+obj-$(CONFIG_AES) += test_aes.o
diff --git a/test/lib/test_aes.c b/test/lib/test_aes.c
new file mode 100644
index 0000000..bddeabe
--- /dev/null
+++ b/test/lib/test_aes.c
@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2019 Philippe Reynes <philippe.reynes@softathome.com>
+ *
+ * Unit tests for aes functions
+ */
+
+#include <common.h>
+#include <command.h>
+#include <hexdump.h>
+#include <test/lib.h>
+#include <test/test.h>
+#include <test/ut.h>
+#include <uboot_aes.h>
+
+#define TEST_AES_ONE_BLOCK		0
+#define TEST_AES_CBC_CHAIN		1
+
+struct test_aes_s {
+	int key_len;
+	int key_exp_len;
+	int type;
+	int num_block;
+};
+
+static struct test_aes_s test_aes[] = {
+	{ AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK,  1 },
+	{ AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 },
+};
+
+static void rand_buf(u8 *buf, int size)
+{
+	int i;
+
+	for (i = 0; i < size; i++)
+		buf[i] = rand() & 0xff;
+}
+
+static int lib_test_aes_one_block(struct unit_test_state *uts, int key_len,
+				  u8 *key_exp, u8 *iv, int num_block,
+				  u8 *nocipher, u8 *ciphered, u8 *uncipher)
+{
+	aes_encrypt(key_len, nocipher, key_exp, ciphered);
+	aes_decrypt(key_len, ciphered, key_exp, uncipher);
+
+	ut_asserteq_mem(nocipher, uncipher, AES_BLOCK_LENGTH);
+
+	/* corrupt the expanded key */
+	key_exp[0]++;
+	aes_decrypt(key_len, ciphered, key_exp, uncipher);
+	ut_assertf(memcmp(nocipher, uncipher, AES_BLOCK_LENGTH),
+		   "nocipher and uncipher should be different\n");
+
+	return 0;
+}
+
+static int lib_test_aes_cbc_chain(struct unit_test_state *uts, int key_len,
+				  u8 *key_exp, u8 *iv, int num_block,
+				  u8 *nocipher, u8 *ciphered, u8 *uncipher)
+{
+	aes_cbc_encrypt_blocks(key_len, key_exp, iv,
+			       nocipher, ciphered, num_block);
+	aes_cbc_decrypt_blocks(key_len, key_exp, iv,
+			       ciphered, uncipher, num_block);
+
+	ut_asserteq_mem(nocipher, uncipher, num_block * AES_BLOCK_LENGTH);
+
+	/* corrupt the expanded key */
+	key_exp[0]++;
+	aes_cbc_decrypt_blocks(key_len, key_exp, iv,
+			       ciphered, uncipher, num_block);
+	ut_assertf(memcmp(nocipher, uncipher, num_block * AES_BLOCK_LENGTH),
+		   "nocipher and uncipher should be different\n");
+
+	return 0;
+}
+
+static int _lib_test_aes_run(struct unit_test_state *uts, int key_len,
+			     int key_exp_len, int type, int num_block)
+{
+	u8 *key, *key_exp, *iv;
+	u8 *nocipher, *ciphered, *uncipher;
+	int ret;
+
+	/* Allocate all the buffer */
+	key = malloc(key_len);
+	ut_assertnonnull(key);
+	key_exp = malloc(key_exp_len);
+	ut_assertnonnull(key_exp);
+	iv = malloc(AES_BLOCK_LENGTH);
+	ut_assertnonnull(iv);
+	nocipher = malloc(num_block * AES_BLOCK_LENGTH);
+	ut_assertnonnull(nocipher);
+	ciphered = malloc((num_block + 1) * AES_BLOCK_LENGTH);
+	ut_assertnonnull(ciphered);
+	uncipher = malloc((num_block + 1) * AES_BLOCK_LENGTH);
+	ut_assertnonnull(uncipher);
+
+	/* Initialize all buffer */
+	rand_buf(key, key_len);
+	rand_buf(iv, AES_BLOCK_LENGTH);
+	rand_buf(nocipher, num_block * AES_BLOCK_LENGTH);
+	memset(ciphered, 0, (num_block + 1) * AES_BLOCK_LENGTH);
+	memset(uncipher, 0, (num_block + 1) * AES_BLOCK_LENGTH);
+
+	/* Expand the key */
+	aes_expand_key(key, key_len, key_exp);
+
+	/* Encrypt and decrypt */
+	switch (type) {
+	case TEST_AES_ONE_BLOCK:
+		ret = lib_test_aes_one_block(uts, key_len, key_exp, iv,
+					     num_block, nocipher,
+					     ciphered, uncipher);
+		break;
+	case TEST_AES_CBC_CHAIN:
+		ret = lib_test_aes_cbc_chain(uts, key_len, key_exp, iv,
+					     num_block, nocipher,
+					     ciphered, uncipher);
+		break;
+	default:
+		printf("%s: unknown type (type=%d)\n", __func__, type);
+		ret = -1;
+	};
+
+	/* Free all the data */
+	free(key);
+	free(key_exp);
+	free(iv);
+	free(nocipher);
+	free(ciphered);
+	free(uncipher);
+
+	return ret;
+}
+
+static int lib_test_aes_run(struct unit_test_state *uts,
+			    struct test_aes_s *test)
+{
+	int key_len = test->key_len;
+	int key_exp_len = test->key_exp_len;
+	int type = test->type;
+	int num_block = test->num_block;
+
+	return _lib_test_aes_run(uts, key_len, key_exp_len,
+				 type, num_block);
+}
+
+static int lib_test_aes(struct unit_test_state *uts)
+{
+	int i, ret = 0;
+
+	for (i = 0; i < ARRAY_SIZE(test_aes); i++) {
+		ret = lib_test_aes_run(uts, &test_aes[i]);
+		if (ret)
+			break;
+	}
+
+	return ret;
+}
+
+LIB_TEST(lib_test_aes, 0);
-- 
2.7.4

[U-Boot] [PATCH V3 5/5] aes: add test unit for aes196 and aes256

[Philippe Reynes]

This commit add test unit for aes196 and aes256.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/lib/test_aes.c | 4 ++++
 1 file changed, 4 insertions(+)

Changelog:
v3:
- new patch in this serie (in the previous version, the test to
  aes was added to pytest, now, we add test unit for aes as proposed by Simon)

diff --git a/test/lib/test_aes.c b/test/lib/test_aes.c
index bddeabe..3d4fada 100644
--- a/test/lib/test_aes.c
+++ b/test/lib/test_aes.c
@@ -26,6 +26,10 @@ struct test_aes_s {
 static struct test_aes_s test_aes[] = {
 	{ AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK,  1 },
 	{ AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 },
+	{ AES192_KEY_LENGTH, AES192_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK,  1 },
+	{ AES192_KEY_LENGTH, AES192_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 },
+	{ AES256_KEY_LENGTH, AES256_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK,  1 },
+	{ AES256_KEY_LENGTH, AES256_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 },
 };
 
 static void rand_buf(u8 *buf, int size)
-- 
2.7.4

[PATCH V3 1/5] aes: add a define for the size of a block

[Simon Glass]

On Fri, 15 Nov 2019 at 11:10, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> In the code, we use the size of the key for the
> size of the block. It's true when the key is 128 bits,
> but it become false for key of 192 bits and 256 bits.
> So to prepare the support of aes192  and 256,
> we introduce a constant for the iaes block size.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  cmd/aes.c           |  2 +-
>  include/uboot_aes.h |  5 +++--
>  lib/aes.c           | 34 +++++++++++++++++-----------------
>  3 files changed, 21 insertions(+), 20 deletions(-)
>
> Changelog:
> v3:
> - no change
> v2:
> - no change
>

Reviewed-by: Simon Glass <sjg@chromium.org>

[PATCH V3 2/5] aes: add support of aes192 and aes256

[Simon Glass]

On Fri, 15 Nov 2019 at 11:10, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> Until now, we only support aes128. This commit add the support
> of aes192 and aes256.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  cmd/aes.c           | 38 +++++++++++++++++---------
>  include/uboot_aes.h | 34 +++++++++++++++--------
>  lib/aes.c           | 77 +++++++++++++++++++++++++++++++++++++----------------
>  3 files changed, 103 insertions(+), 46 deletions(-)
>
> Changelog:
> v3:
> - no change
> v2:
> - fix the help for the aes command
>

Reviewed-by: Simon Glass <sjg@chromium.org>

[PATCH V3 3/5] tegra20: crypto: update code to use new aes api

[Simon Glass]

On Fri, 15 Nov 2019 at 11:10, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit update tge driver crypto for tegra20
> to use the new aes api.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++++++++++++++-----------------
>  1 file changed, 22 insertions(+), 19 deletions(-)
>
> Changelog:
> v3:
> - no change
> v2:
> - add a really simple commit text
>

Reviewed-by: Simon Glass <sjg@chromium.org>

But it looks like you need to squash this with the previous commit to
avoid a build error on this one.

[PATCH V3 4/5] aes: add test unit for aes128

[Simon Glass]

Hi Philippe,

On Fri, 15 Nov 2019 at 11:10, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit add test unit for aes128.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/lib/Makefile   |   1 +
>  test/lib/test_aes.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 163 insertions(+)
>  create mode 100644 test/lib/test_aes.c
>
> Changelog:
> v3:
> - new patch in this serie (in the previous version, the test to
>   aes was added to pytest, now, we add test unit for aes as proposed by Simon)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

nit below

[..]

> diff --git a/test/lib/test_aes.c b/test/lib/test_aes.c
> new file mode 100644
> index 0000000..bddeabe
> --- /dev/null
> +++ b/test/lib/test_aes.c
> @@ -0,0 +1,162 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (c) 2019 Philippe Reynes <philippe.reynes@softathome.com>
> + *
> + * Unit tests for aes functions
> + */
> +
> +#include <common.h>
> +#include <command.h>
> +#include <hexdump.h>
> +#include <test/lib.h>
> +#include <test/test.h>
> +#include <test/ut.h>
> +#include <uboot_aes.h>

Put test/ headers at the end.

Regards,
Simon

[PATCH V3 5/5] aes: add test unit for aes196 and aes256

[Simon Glass]

On Fri, 15 Nov 2019 at 11:10, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit add test unit for aes196 and aes256.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/lib/test_aes.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> Changelog:
> v3:
> - new patch in this serie (in the previous version, the test to
>   aes was added to pytest, now, we add test unit for aes as proposed by Simon)
>

Reviewed-by: Simon Glass <sjg@chromium.org>