[U-Boot] [PATCH 0/4] aes: add support for aes192 and aes256

[U-Boot] [PATCH 0/4] aes: add support for aes192 and aes256

[Philippe Reynes]

This serie add the support of aes192 and aes256.
This first commit clean a bit the code, and introduce
a constant for the block (instead of using the key size).
The second commit add the support of aes192 and aes256
to the lib and the cmd. The third update the code of
crypto for tegra20, and the forth one add tests in 
pytest for aes192 and aes256.

Philippe Reynes (4):
  aes: add a define for the size of a block
  aes: add support of aes192 and aes256
  tegra20: crypto: update code to use new aes api
  pytest: aes: add test for aes192 and aes256

 arch/arm/mach-tegra/tegra20/crypto.c |  41 +++++++------
 cmd/aes.c                            |  40 +++++++++----
 include/uboot_aes.h                  |  39 ++++++++----
 lib/aes.c                            | 111 ++++++++++++++++++++++-------------
 test/py/tests/aes/key192.bin         |   1 +
 test/py/tests/aes/key256.bin         |   1 +
 test/py/tests/test_aes.py            |  54 ++++++++++++++++-
 7 files changed, 201 insertions(+), 86 deletions(-)
 create mode 100644 test/py/tests/aes/key192.bin
 create mode 100644 test/py/tests/aes/key256.bin

-- 
2.7.4

[U-Boot] [PATCH 1/4] aes: add a define for the size of a block

[Philippe Reynes]

In the code, we use the size of the key for the
size of the block. It's true when the key is 128 bits,
but it become false for key of 192 bits and 256 bits.
So to prepare the support of aes192  and 256,
we introduce a constant for the iaes block size.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 cmd/aes.c           |  2 +-
 include/uboot_aes.h |  5 +++--
 lib/aes.c           | 34 +++++++++++++++++-----------------
 3 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/cmd/aes.c b/cmd/aes.c
index 3db110c..d0a45fa 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -56,7 +56,7 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	aes_expand_key(key_ptr, key_exp);
 
 	/* Calculate the number of AES blocks to encrypt. */
-	aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
 
 	if (enc)
 		aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 2fda384..1ae3ac9 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -18,7 +18,7 @@ typedef unsigned int u32;
  * AES encryption library, with small code size, supporting only 128-bit AES
  *
  * AES is a stream cipher which works a block at a time, with each block
- * in this case being AES_KEY_LENGTH bytes.
+ * in this case being AES_BLOCK_LENGTH bytes.
  */
 
 enum {
@@ -28,6 +28,7 @@ enum {
 
 	AES_KEY_LENGTH	= 128 / 8,
 	AES_EXPAND_KEY_LENGTH	= 4 * AES_STATECOLS * (AES_ROUNDS + 1),
+	AES_BLOCK_LENGTH	= 128 / 8,
 };
 
 /**
@@ -62,7 +63,7 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
 /**
  * Apply chain data to the destination using EOR
  *
- * Each array is of length AES_KEY_LENGTH.
+ * Each array is of length AES_BLOCK_LENGTH.
  *
  * @cbc_chain_data	Chain data
  * @src			Source data
diff --git a/lib/aes.c b/lib/aes.c
index a12a192..cfa57b6 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -596,62 +596,62 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 {
 	int i;
 
-	for (i = 0; i < AES_KEY_LENGTH; i++)
+	for (i = 0; i < AES_BLOCK_LENGTH; i++)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }
 
 void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH];
+	u8 tmp_data[AES_BLOCK_LENGTH];
 	u8 *cbc_chain_data = iv;
 	u32 i;
 
 	for (i = 0; i < num_aes_blocks; i++) {
 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
-		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+		debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);
 
 		/* Apply the chain data */
 		aes_apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
-		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Encrypt the AES block */
 		aes_encrypt(tmp_data, key_exp, dst);
-		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
 		cbc_chain_data = dst;
-		src += AES_KEY_LENGTH;
-		dst += AES_KEY_LENGTH;
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
 	}
 }
 
 void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH];
+	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
 	/* Convenient array of 0's for IV */
-	u8 cbc_chain_data[AES_KEY_LENGTH];
+	u8 cbc_chain_data[AES_BLOCK_LENGTH];
 	u32 i;
 
-	memcpy(cbc_chain_data, iv, AES_KEY_LENGTH);
+	memcpy(cbc_chain_data, iv, AES_BLOCK_LENGTH);
 	for (i = 0; i < num_aes_blocks; i++) {
 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
-		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+		debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);
 
-		memcpy(tmp_block, src, AES_KEY_LENGTH);
+		memcpy(tmp_block, src, AES_BLOCK_LENGTH);
 
 		/* Decrypt the AES block */
 		aes_decrypt(src, key_exp, tmp_data);
-		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Apply the chain data */
 		aes_apply_cbc_chain_data(cbc_chain_data, tmp_data, dst);
-		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
-		memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH);
-		src += AES_KEY_LENGTH;
-		dst += AES_KEY_LENGTH;
+		memcpy(cbc_chain_data, tmp_block, AES_BLOCK_LENGTH);
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
 	}
 }
-- 
2.7.4

[U-Boot] [PATCH 2/4] aes: add support of aes192 and aes256

[Philippe Reynes]

Until now, we only support aes128. This commit add the support
of aes192 and aes256.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 cmd/aes.c           | 38 +++++++++++++++++---------
 include/uboot_aes.h | 34 +++++++++++++++--------
 lib/aes.c           | 77 +++++++++++++++++++++++++++++++++++++----------------
 3 files changed, 103 insertions(+), 46 deletions(-)

diff --git a/cmd/aes.c b/cmd/aes.c
index d0a45fa..e0e43cc 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -2,7 +2,7 @@
 /*
  * Copyright (C) 2014 Marek Vasut <marex@denx.de>
  *
- * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
  */
 
 #include <common.h>
@@ -13,6 +13,18 @@
 #include <linux/compiler.h>
 #include <mapmem.h>
 
+u32 aes_get_key_len(char *command)
+{
+	u32 key_len = AES128_KEY_LENGTH;
+
+	if (!strcmp(command, "aes.192"))
+		key_len = AES192_KEY_LENGTH;
+	else if (!strcmp(command, "aes.256"))
+		key_len = AES256_KEY_LENGTH;
+
+	return key_len;
+}
+
 /**
  * do_aes() - Handle the "aes" command-line command
  * @cmdtp:	Command data struct pointer
@@ -27,13 +39,15 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 {
 	uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
 	uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
-	uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
-	uint32_t aes_blocks;
+	u8 key_exp[AES256_EXPAND_KEY_LENGTH];
+	u32 aes_blocks, key_len;
 	int enc;
 
 	if (argc != 7)
 		return CMD_RET_USAGE;
 
+	key_len = aes_get_key_len(argv[0]);
+
 	if (!strncmp(argv[1], "enc", 3))
 		enc = 1;
 	else if (!strncmp(argv[1], "dec", 3))
@@ -47,23 +61,23 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 	dst_addr = simple_strtoul(argv[5], NULL, 16);
 	len = simple_strtoul(argv[6], NULL, 16);
 
-	key_ptr = (uint8_t *)map_sysmem(key_addr, 128 / 8);
+	key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
 	iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8);
 	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
 	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
 
 	/* First we expand the key. */
-	aes_expand_key(key_ptr, key_exp);
+	aes_expand_key(key_ptr, key_len, key_exp);
 
 	/* Calculate the number of AES blocks to encrypt. */
 	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
 
 	if (enc)
-		aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
-				       aes_blocks);
+		aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
+				       dst_ptr, aes_blocks);
 	else
-		aes_cbc_decrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr,
-				       aes_blocks);
+		aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
+				       dst_ptr, aes_blocks);
 
 	return 0;
 }
@@ -71,13 +85,13 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 /***************************************************/
 #ifdef CONFIG_SYS_LONGHELP
 static char aes_help_text[] =
-	"enc key iv src dst len - Encrypt block of data $len bytes long\n"
+	"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
 	"                             The $len size must be multiple of 16 bytes.\n"
 	"                             The $key and $iv must be 16 bytes long.\n"
-	"aes dec key iv src dst len - Decrypt block of data $len bytes long\n"
+	"[.128,.192,.256] aes dec key iv src dst len - Decrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
@@ -87,6 +101,6 @@ static char aes_help_text[] =
 
 U_BOOT_CMD(
 	aes, 7, 1, do_aes,
-	"AES 128 CBC encryption",
+	"AES 128/192/256 CBC encryption",
 	aes_help_text
 );
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 1ae3ac9..d2583be 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -23,11 +23,18 @@ typedef unsigned int u32;
 
 enum {
 	AES_STATECOLS	= 4,	/* columns in the state & expanded key */
-	AES_KEYCOLS	= 4,	/* columns in a key */
-	AES_ROUNDS	= 10,	/* rounds in encryption */
-
-	AES_KEY_LENGTH	= 128 / 8,
-	AES_EXPAND_KEY_LENGTH	= 4 * AES_STATECOLS * (AES_ROUNDS + 1),
+	AES128_KEYCOLS	= 4,	/* columns in a key for aes128 */
+	AES192_KEYCOLS	= 6,	/* columns in a key for aes128 */
+	AES256_KEYCOLS	= 8,	/* columns in a key for aes128 */
+	AES128_ROUNDS	= 10,	/* rounds in encryption for aes128 */
+	AES192_ROUNDS	= 12,	/* rounds in encryption for aes192 */
+	AES256_ROUNDS	= 14,	/* rounds in encryption for aes256 */
+	AES128_KEY_LENGTH	= 128 / 8,
+	AES192_KEY_LENGTH	= 192 / 8,
+	AES256_KEY_LENGTH	= 256 / 8,
+	AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1),
+	AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1),
+	AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1),
 	AES_BLOCK_LENGTH	= 128 / 8,
 };
 
@@ -37,28 +44,31 @@ enum {
  * Expand a key into a key schedule, which is then used for the other
  * operations.
  *
- * @key		Key, of length AES_KEY_LENGTH bytes
+ * @key		Key
+ * @key_size	Size of the key (in bits)
  * @expkey	Buffer to place expanded key, AES_EXPAND_KEY_LENGTH
  */
-void aes_expand_key(u8 *key, u8 *expkey);
+void aes_expand_key(u8 *key, u32 key_size, u8 *expkey);
 
 /**
  * aes_encrypt() - Encrypt single block of data with AES 128
  *
+ * @key_size	Size of the aes key (in bits)
  * @in		Input data
  * @expkey	Expanded key to use for encryption (from aes_expand_key())
  * @out		Output data
  */
-void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
+void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
 
 /**
  * aes_decrypt() - Decrypt single block of data with AES 128
  *
+ * @key_size	Size of the aes key (in bits)
  * @in		Input data
  * @expkey	Expanded key to use for decryption (from aes_expand_key())
  * @out		Output data
  */
-void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);
 
 /**
  * Apply chain data to the destination using EOR
@@ -74,25 +84,27 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst);
 /**
  * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
  *
+ * @key_size		Size of the aes key (in bits)
  * @key_exp		Expanded key to use
  * @iv			Initialization vector
  * @src			Source data to encrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to encrypt
  */
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
 /**
  * Decrypt multiple blocks of data with AES CBC.
  *
+ * @key_size		Size of the aes key (in bits)
  * @key_exp		Expanded key to use
  * @iv			Initialization vector
  * @src			Source data to decrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to decrypt
  */
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
 #endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index cfa57b6..ce53c9f 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -508,50 +508,79 @@ static u8 rcon[11] = {
 	0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
 };
 
+static u32 aes_get_rounds(u32 key_len)
+{
+	u32 rounds = AES128_ROUNDS;
+
+	if (key_len == AES192_KEY_LENGTH)
+		rounds = AES192_ROUNDS;
+	else if (key_len == AES256_KEY_LENGTH)
+		rounds = AES256_ROUNDS;
+
+	return rounds;
+}
+
+static u32 aes_get_keycols(u32 key_len)
+{
+	u32 keycols = AES128_KEYCOLS;
+
+	if (key_len == AES192_KEY_LENGTH)
+		keycols = AES192_KEYCOLS;
+	else if (key_len == AES256_KEY_LENGTH)
+		keycols = AES256_KEYCOLS;
+
+	return keycols;
+}
+
 /* produce AES_STATECOLS bytes for each round */
-void aes_expand_key(u8 *key, u8 *expkey)
+void aes_expand_key(u8 *key, u32 key_len, u8 *expkey)
 {
 	u8 tmp0, tmp1, tmp2, tmp3, tmp4;
-	u32 idx;
+	u32 idx, aes_rounds, aes_keycols;
 
-	memcpy(expkey, key, AES_KEYCOLS * 4);
+	aes_rounds = aes_get_rounds(key_len);
+	aes_keycols = aes_get_keycols(key_len);
 
-	for (idx = AES_KEYCOLS; idx < AES_STATECOLS * (AES_ROUNDS + 1); idx++) {
+	memcpy(expkey, key, key_len);
+
+	for (idx = aes_keycols; idx < AES_STATECOLS * (aes_rounds + 1); idx++) {
 		tmp0 = expkey[4*idx - 4];
 		tmp1 = expkey[4*idx - 3];
 		tmp2 = expkey[4*idx - 2];
 		tmp3 = expkey[4*idx - 1];
-		if (!(idx % AES_KEYCOLS)) {
+		if (!(idx % aes_keycols)) {
 			tmp4 = tmp3;
 			tmp3 = sbox[tmp0];
-			tmp0 = sbox[tmp1] ^ rcon[idx / AES_KEYCOLS];
+			tmp0 = sbox[tmp1] ^ rcon[idx / aes_keycols];
 			tmp1 = sbox[tmp2];
 			tmp2 = sbox[tmp4];
-		} else if ((AES_KEYCOLS > 6) && (idx % AES_KEYCOLS == 4)) {
+		} else if ((aes_keycols > 6) && (idx % aes_keycols == 4)) {
 			tmp0 = sbox[tmp0];
 			tmp1 = sbox[tmp1];
 			tmp2 = sbox[tmp2];
 			tmp3 = sbox[tmp3];
 		}
 
-		expkey[4*idx+0] = expkey[4*idx - 4*AES_KEYCOLS + 0] ^ tmp0;
-		expkey[4*idx+1] = expkey[4*idx - 4*AES_KEYCOLS + 1] ^ tmp1;
-		expkey[4*idx+2] = expkey[4*idx - 4*AES_KEYCOLS + 2] ^ tmp2;
-		expkey[4*idx+3] = expkey[4*idx - 4*AES_KEYCOLS + 3] ^ tmp3;
+		expkey[4*idx+0] = expkey[4*idx - 4*aes_keycols + 0] ^ tmp0;
+		expkey[4*idx+1] = expkey[4*idx - 4*aes_keycols + 1] ^ tmp1;
+		expkey[4*idx+2] = expkey[4*idx - 4*aes_keycols + 2] ^ tmp2;
+		expkey[4*idx+3] = expkey[4*idx - 4*aes_keycols + 3] ^ tmp3;
 	}
 }
 
 /* encrypt one 128 bit block */
-void aes_encrypt(u8 *in, u8 *expkey, u8 *out)
+void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
-	u32 round;
+	u32 round, aes_rounds;
+
+	aes_rounds = aes_get_rounds(key_len);
 
 	memcpy(state, in, AES_STATECOLS * 4);
 	add_round_key((u32 *)state, (u32 *)expkey);
 
-	for (round = 1; round < AES_ROUNDS + 1; round++) {
-		if (round < AES_ROUNDS)
+	for (round = 1; round < aes_rounds + 1; round++) {
+		if (round < aes_rounds)
 			mix_sub_columns(state);
 		else
 			shift_rows(state);
@@ -563,18 +592,20 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out)
 	memcpy(out, state, sizeof(state));
 }
 
-void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
+void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out)
 {
 	u8 state[AES_STATECOLS * 4];
-	int round;
+	int round, aes_rounds;
+
+	aes_rounds = aes_get_rounds(key_len);
 
 	memcpy(state, in, sizeof(state));
 
 	add_round_key((u32 *)state,
-		      (u32 *)expkey + AES_ROUNDS * AES_STATECOLS);
+		      (u32 *)expkey + aes_rounds * AES_STATECOLS);
 	inv_shift_rows(state);
 
-	for (round = AES_ROUNDS; round--; ) {
+	for (round = aes_rounds; round--; ) {
 		add_round_key((u32 *)state,
 			      (u32 *)expkey + round * AES_STATECOLS);
 		if (round)
@@ -600,7 +631,7 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
 		*dst++ = *src++ ^ *cbc_chain_data++;
 }
 
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH];
@@ -616,7 +647,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Encrypt the AES block */
-		aes_encrypt(tmp_data, key_exp, dst);
+		aes_encrypt(key_len, tmp_data, key_exp, dst);
 		debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);
 
 		/* Update pointers for next loop. */
@@ -626,7 +657,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 	}
 }
 
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks)
 {
 	u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH];
@@ -642,7 +673,7 @@ void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 		memcpy(tmp_block, src, AES_BLOCK_LENGTH);
 
 		/* Decrypt the AES block */
-		aes_decrypt(src, key_exp, tmp_data);
+		aes_decrypt(key_len, src, key_exp, tmp_data);
 		debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);
 
 		/* Apply the chain data */
-- 
2.7.4

[U-Boot] [PATCH 3/4] tegra20: crypto: update code to use new aes api

[Philippe Reynes]

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/arch/arm/mach-tegra/tegra20/crypto.c b/arch/arm/mach-tegra/tegra20/crypto.c
index 66fbc3b..b91191e 100644
--- a/arch/arm/mach-tegra/tegra20/crypto.c
+++ b/arch/arm/mach-tegra/tegra20/crypto.c
@@ -39,34 +39,35 @@ static void left_shift_vector(u8 *in, u8 *out, int size)
 /**
  * Sign a block of data, putting the result into dst.
  *
- * \param key			Input AES key, length AES_KEY_LENGTH
+ * \param key			Input AES key, length AES128_KEY_LENGTH
  * \param key_schedule		Expanded key to use
  * \param src			Source data of length 'num_aes_blocks' blocks
- * \param dst			Destination buffer, length AES_KEY_LENGTH
+ * \param dst			Destination buffer, length AES128_KEY_LENGTH
  * \param num_aes_blocks	Number of AES blocks to encrypt
  */
 static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
 			u32 num_aes_blocks)
 {
-	u8 tmp_data[AES_KEY_LENGTH];
-	u8 iv[AES_KEY_LENGTH] = {0};
-	u8 left[AES_KEY_LENGTH];
-	u8 k1[AES_KEY_LENGTH];
+	u8 tmp_data[AES128_KEY_LENGTH];
+	u8 iv[AES128_KEY_LENGTH] = {0};
+	u8 left[AES128_KEY_LENGTH];
+	u8 k1[AES128_KEY_LENGTH];
 	u8 *cbc_chain_data;
 	unsigned i;
 
 	cbc_chain_data = zero_key;	/* Convenient array of 0's for IV */
 
 	/* compute K1 constant needed by AES-CMAC calculation */
-	for (i = 0; i < AES_KEY_LENGTH; i++)
+	for (i = 0; i < AES128_KEY_LENGTH; i++)
 		tmp_data[i] = 0;
 
-	aes_cbc_encrypt_blocks(key_schedule, iv, tmp_data, left, 1);
+	aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv,
+			       tmp_data, left, 1);
 
 	left_shift_vector(left, k1, sizeof(left));
 
 	if ((left[0] >> 7) != 0) /* get MSB of L */
-		k1[AES_KEY_LENGTH-1] ^= AES_CMAC_CONST_RB;
+		k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;
 
 	/* compute the AES-CMAC value */
 	for (i = 0; i < num_aes_blocks; i++) {
@@ -78,31 +79,32 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
 			aes_apply_cbc_chain_data(tmp_data, k1, tmp_data);
 
 		/* encrypt the AES block */
-		aes_encrypt(tmp_data, key_schedule, dst);
+		aes_encrypt(AES128_KEY_LENGTH, tmp_data,
+			    key_schedule, dst);
 
 		debug("sign_obj: block %d of %d\n", i, num_aes_blocks);
 
 		/* Update pointers for next loop. */
 		cbc_chain_data = dst;
-		src += AES_KEY_LENGTH;
+		src += AES128_KEY_LENGTH;
 	}
 }
 
 /**
  * Encrypt and sign a block of data (depending on security mode).
  *
- * \param key		Input AES key, length AES_KEY_LENGTH
+ * \param key		Input AES key, length AES128_KEY_LENGTH
  * \param oper		Security operations mask to perform (enum security_op)
  * \param src		Source data
  * \param length	Size of source data
- * \param sig_dst	Destination address for signature, AES_KEY_LENGTH bytes
+ * \param sig_dst	Destination address for signature, AES128_KEY_LENGTH bytes
  */
 static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
 			    u32 length, u8 *sig_dst)
 {
 	u32 num_aes_blocks;
-	u8 key_schedule[AES_EXPAND_KEY_LENGTH];
-	u8 iv[AES_KEY_LENGTH] = {0};
+	u8 key_schedule[AES128_EXPAND_KEY_LENGTH];
+	u8 iv[AES128_KEY_LENGTH] = {0};
 
 	debug("encrypt_and_sign: length = %d\n", length);
 
@@ -110,15 +112,16 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
 	 * The only need for a key is for signing/checksum purposes, so
 	 * if not encrypting, expand a key of 0s.
 	 */
-	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, key_schedule);
+	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key,
+		       AES128_KEY_LENGTH, key_schedule);
 
-	num_aes_blocks = (length + AES_KEY_LENGTH - 1) / AES_KEY_LENGTH;
+	num_aes_blocks = (length + AES128_KEY_LENGTH - 1) / AES128_KEY_LENGTH;
 
 	if (oper & SECURITY_ENCRYPT) {
 		/* Perform this in place, resulting in src being encrypted. */
 		debug("encrypt_and_sign: begin encryption\n");
-		aes_cbc_encrypt_blocks(key_schedule, iv, src, src,
-				       num_aes_blocks);
+		aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src,
+				       src, num_aes_blocks);
 		debug("encrypt_and_sign: end encryption\n");
 	}
 
-- 
2.7.4

[U-Boot] [PATCH 4/4] pytest: aes: add test for aes192 and aes256

[Philippe Reynes]

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/py/tests/aes/key192.bin |  1 +
 test/py/tests/aes/key256.bin |  1 +
 test/py/tests/test_aes.py    | 54 +++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 test/py/tests/aes/key192.bin
 create mode 100644 test/py/tests/aes/key256.bin

diff --git a/test/py/tests/aes/key192.bin b/test/py/tests/aes/key192.bin
new file mode 100644
index 0000000..9165c3f
--- /dev/null
+++ b/test/py/tests/aes/key192.bin
@@ -0,0 +1 @@
+T�\x0e�\x11a�3���2D8\x1d�aL��'(\x11
\ No newline at end of file
diff --git a/test/py/tests/aes/key256.bin b/test/py/tests/aes/key256.bin
new file mode 100644
index 0000000..4d9c6ab
--- /dev/null
+++ b/test/py/tests/aes/key256.bin
@@ -0,0 +1 @@
+��x��Q\x18C֤o����\x1a�n��h!�a/噧\b8�U
\ No newline at end of file
diff --git a/test/py/tests/test_aes.py b/test/py/tests/test_aes.py
index 408bd77..baf410e 100644
--- a/test/py/tests/test_aes.py
+++ b/test/py/tests/test_aes.py
@@ -21,7 +21,7 @@ def test_aes(u_boot_console):
 
     # Send a command with no argument ...
     output = cons.run_command('aes')
-    assert('AES 128 CBC encryption' in ''.join(output))
+    assert('AES 128/192/256 CBC encryption' in ''.join(output))
 
     # Load file from host
     output = cons.run_command('host load hostfs - 1000 %skey128.bin' % datadir)
@@ -46,3 +46,55 @@ def test_aes(u_boot_console):
 
     output = cons.run_command('cmp.b 3000 5000 0x20')
     assert('Total of 32 byte(s) were the same' in ''.join(output))
+
+    #
+    # Load file from host
+    #
+    output = cons.run_command('host load hostfs - 1000 %skey192.bin' % datadir)
+    assert('24 bytes read' in ''.join(output))
+    output = cons.run_command('host load hostfs - 2000 %siv128.bin' % datadir)
+    assert('16 bytes read' in ''.join(output))
+    output = cons.run_command('host load hostfs - 3000 %splaintext.bin' % datadir)
+    assert('32 bytes read' in ''.join(output))
+
+    output = cons.run_command('md.b 3000 0x20')
+
+    output = cons.run_command('aes.192 enc 1000 2000 3000 4000 0x20')
+
+    output = cons.run_command('cmp.b 3000 4000 0x20')
+    assert('Total of 0 byte(s) were the same' in ''.join(output))
+
+    output = cons.run_command('md.b 4000 0x20')
+
+    output = cons.run_command('aes.192 dec 1000 2000 4000 5000 0x20')
+
+    output = cons.run_command('md.b 5000 0x20')
+
+    output = cons.run_command('cmp.b 3000 5000 0x20')
+    assert('Total of 32 byte(s) were the same' in ''.join(output))
+
+    #
+    # Load file from host
+    #
+    output = cons.run_command('host load hostfs - 1000 %skey256.bin' % datadir)
+    assert('32 bytes read' in ''.join(output))
+    output = cons.run_command('host load hostfs - 2000 %siv128.bin' % datadir)
+    assert('16 bytes read' in ''.join(output))
+    output = cons.run_command('host load hostfs - 3000 %splaintext.bin' % datadir)
+    assert('32 bytes read' in ''.join(output))
+
+    output = cons.run_command('md.b 3000 0x20')
+
+    output = cons.run_command('aes.256 enc 1000 2000 3000 4000 0x20')
+
+    output = cons.run_command('cmp.b 3000 4000 0x20')
+    assert('Total of 0 byte(s) were the same' in ''.join(output))
+
+    output = cons.run_command('md.b 4000 0x20')
+
+    output = cons.run_command('aes.256 dec 1000 2000 4000 5000 0x20')
+
+    output = cons.run_command('md.b 5000 0x20')
+
+    output = cons.run_command('cmp.b 3000 5000 0x20')
+    assert('Total of 32 byte(s) were the same' in ''.join(output))
-- 
2.7.4

[U-Boot] [PATCH 1/4] aes: add a define for the size of a block

[Simon Glass]

On Mon, 23 Sep 2019 at 10:48, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> In the code, we use the size of the key for the
> size of the block. It's true when the key is 128 bits,
> but it become false for key of 192 bits and 256 bits.
> So to prepare the support of aes192  and 256,
> we introduce a constant for the iaes block size.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  cmd/aes.c           |  2 +-
>  include/uboot_aes.h |  5 +++--
>  lib/aes.c           | 34 +++++++++++++++++-----------------
>  3 files changed, 21 insertions(+), 20 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>