* [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h
@ 2014-02-06 3:44 Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Marek Vasut @ 2014-02-06 3:44 UTC (permalink / raw)
To: u-boot
Fix the function annotations in aes.h so they're compatible with kerneldoc.
Signed-off-by: Marek Vasut <marex@denx.de>
---
include/aes.h | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/include/aes.h b/include/aes.h
index ea06308..c70eda6 100644
--- a/include/aes.h
+++ b/include/aes.h
@@ -25,29 +25,31 @@ enum {
};
/**
+ * aes_expand_key() - Expand the AES key
+ *
* Expand a key into a key schedule, which is then used for the other
* operations.
*
- * \param key Key, of length AES_KEY_LENGTH bytes
- * \param expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH
+ * @key Key, of length AES_KEY_LENGTH bytes
+ * @expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH
*/
void aes_expand_key(u8 *key, u8 *expkey);
/**
- * Encrypt a single block of data
+ * aes_encrypt() - Encrypt single block of data with AES 128
*
- * in Input data
- * expkey Expanded key to use for encryption (from aes_expand_key())
- * out Output data
+ * @in Input data
+ * @expkey Expanded key to use for encryption (from aes_expand_key())
+ * @out Output data
*/
void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
/**
- * Decrypt a single block of data
+ * aes_decrypt() - Decrypt single block of data with AES 128
*
- * in Input data
- * expkey Expanded key to use for decryption (from aes_expand_key())
- * out Output data
+ * @in Input data
+ * @expkey Expanded key to use for decryption (from aes_expand_key())
+ * @out Output data
*/
void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
--
1.8.5.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code
2014-02-06 3:44 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
@ 2014-02-06 3:44 ` Marek Vasut
2014-02-15 23:30 ` Simon Glass
2014-02-06 3:44 ` [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function Marek Vasut
` (2 subsequent siblings)
3 siblings, 1 reply; 7+ messages in thread
From: Marek Vasut @ 2014-02-06 3:44 UTC (permalink / raw)
To: u-boot
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c
into lib/aes.c . This is well re-usable common code. Moreover, clean the code up
a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut <marex@denx.de>
---
arch/arm/cpu/tegra20-common/crypto.c | 72 +-----------------------------------
include/aes.h | 10 +++++
lib/aes.c | 59 +++++++++++++++++++++++++++++
3 files changed, 71 insertions(+), 70 deletions(-)
diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c
index 8209f76..b18e67c 100644
--- a/arch/arm/cpu/tegra20-common/crypto.c
+++ b/arch/arm/cpu/tegra20-common/crypto.c
@@ -19,74 +19,6 @@ enum security_op {
SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */
};
-static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
-{
- u32 i;
-
- debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
- for (i = 0; i < num_bytes; i++) {
- if (i % 16 == 0)
- debug(" = ");
- debug("%02x", data[i]);
- if ((i+1) % 16 != 0)
- debug(" ");
- }
- debug("\n");
-}
-
-/**
- * Apply chain data to the destination using EOR
- *
- * Each array is of length AES_AES_KEY_LENGTH.
- *
- * \param cbc_chain_data Chain data
- * \param src Source data
- * \param dst Destination data, which is modified here
- */
-static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
-{
- int i;
-
- for (i = 0; i < 16; i++)
- *dst++ = *src++ ^ *cbc_chain_data++;
-}
-
-/**
- * Encrypt some data with AES.
- *
- * \param key_schedule Expanded key to use
- * \param src Source data to encrypt
- * \param dst Destination buffer
- * \param num_aes_blocks Number of AES blocks to encrypt
- */
-static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
- u32 num_aes_blocks)
-{
- u8 tmp_data[AES_KEY_LENGTH];
- u8 *cbc_chain_data;
- u32 i;
-
- cbc_chain_data = zero_key; /* Convenient array of 0's for IV */
-
- for (i = 0; i < num_aes_blocks; i++) {
- debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
- debug_print_vector("AES Src", AES_KEY_LENGTH, src);
-
- /* Apply the chain data */
- apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
- debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
-
- /* encrypt the AES block */
- aes_encrypt(tmp_data, key_schedule, dst);
- debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
-
- /* Update pointers for next loop. */
- cbc_chain_data = dst;
- src += AES_KEY_LENGTH;
- dst += AES_KEY_LENGTH;
- }
-}
-
/**
* Shift a vector left by one bit
*
@@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
for (i = 0; i < AES_KEY_LENGTH; i++)
tmp_data[i] = 0;
- encrypt_object(key_schedule, tmp_data, left, 1);
+ aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1);
debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
left_shift_vector(left, k1, sizeof(left));
@@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
if (oper & SECURITY_ENCRYPT) {
/* Perform this in place, resulting in src being encrypted. */
debug("encrypt_and_sign: begin encryption\n");
- encrypt_object(key_schedule, src, src, num_aes_blocks);
+ aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks);
debug("encrypt_and_sign: end encryption\n");
}
diff --git a/include/aes.h b/include/aes.h
index c70eda6..d9bb387 100644
--- a/include/aes.h
+++ b/include/aes.h
@@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
*/
void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+/**
+ * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
+ *
+ * @key_exp Expanded key to use
+ * @src Source data to encrypt
+ * @dst Destination buffer
+ * @num_aes_blocks Number of AES blocks to encrypt
+ */
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+
#endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index e996b27..4df5dae 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
memcpy(out, state, sizeof(state));
}
+
+static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
+{
+ u32 i;
+
+ debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
+ for (i = 0; i < num_bytes; i++) {
+ if (i % 16 == 0)
+ debug(" = ");
+ debug("%02x", data[i]);
+ if ((i+1) % 16 != 0)
+ debug(" ");
+ }
+ debug("\n");
+}
+
+/**
+ * Apply chain data to the destination using EOR
+ *
+ * Each array is of length AES_AES_KEY_LENGTH.
+ *
+ * @cbc_chain_data Chain data
+ * @src Source data
+ * @dst Destination data, which is modified here
+ */
+static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
+{
+ int i;
+
+ for (i = 0; i < 16; i++)
+ *dst++ = *src++ ^ *cbc_chain_data++;
+}
+
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ u8 zero_key[AES_KEY_LENGTH] = { 0 };
+ u8 tmp_data[AES_KEY_LENGTH];
+ /* Convenient array of 0's for IV */
+ u8 *cbc_chain_data = zero_key;
+ u32 i;
+
+ for (i = 0; i < num_aes_blocks; i++) {
+ debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
+ debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+
+ /* Apply the chain data */
+ apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
+ debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+
+ /* Encrypt the AES block */
+ aes_encrypt(tmp_data, key_exp, dst);
+ debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+
+ /* Update pointers for next loop. */
+ cbc_chain_data = dst;
+ src += AES_KEY_LENGTH;
+ dst += AES_KEY_LENGTH;
+ }
+}
--
1.8.5.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function
2014-02-06 3:44 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
@ 2014-02-06 3:44 ` Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC Marek Vasut
2014-02-15 23:27 ` [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Simon Glass
3 siblings, 0 replies; 7+ messages in thread
From: Marek Vasut @ 2014-02-06 3:44 UTC (permalink / raw)
To: u-boot
Implement a compatible AES-128-CBC decryption function as a counterpart
of the encryption function pulled from tegra20-common/crypto.c .
Signed-off-by: Marek Vasut <marex@denx.de>
---
include/aes.h | 10 ++++++++++
lib/aes.c | 28 ++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/include/aes.h b/include/aes.h
index d9bb387..4897e6f 100644
--- a/include/aes.h
+++ b/include/aes.h
@@ -63,4 +63,14 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
*/
void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+/**
+ * Decrypt multiple blocks of data with AES CBC.
+ *
+ * @key_exp Expanded key to use
+ * @src Source data to decrypt
+ * @dst Destination buffer
+ * @num_aes_blocks Number of AES blocks to decrypt
+ */
+void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+
#endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index 4df5dae..8b23e10 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -639,3 +639,31 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
dst += AES_KEY_LENGTH;
}
}
+
+void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH];
+ /* Convenient array of 0's for IV */
+ u8 cbc_chain_data[AES_KEY_LENGTH] = { 0 };
+ u32 i;
+
+ for (i = 0; i < num_aes_blocks; i++) {
+ debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
+ debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+
+ memcpy(tmp_block, src, AES_KEY_LENGTH);
+
+ /* Decrypt the AES block */
+ aes_decrypt(src, key_exp, tmp_data);
+ debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+
+ /* Apply the chain data */
+ apply_cbc_chain_data(cbc_chain_data, tmp_data, dst);
+ debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+
+ /* Update pointers for next loop. */
+ memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH);
+ src += AES_KEY_LENGTH;
+ dst += AES_KEY_LENGTH;
+ }
+}
--
1.8.5.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC
2014-02-06 3:44 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function Marek Vasut
@ 2014-02-06 3:44 ` Marek Vasut
2014-02-15 23:27 ` [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Simon Glass
3 siblings, 0 replies; 7+ messages in thread
From: Marek Vasut @ 2014-02-06 3:44 UTC (permalink / raw)
To: u-boot
Add simple 'aes' command, which allows using the AES-128-CBC encryption
and decryption functions from U-Boot command line.
Signed-off-by: Marek Vasut <marex@denx.de>
---
README | 1 +
common/Makefile | 1 +
common/cmd_aes.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 91 insertions(+)
create mode 100644 common/cmd_aes.c
diff --git a/README b/README
index fe48ccd..770113d 100644
--- a/README
+++ b/README
@@ -895,6 +895,7 @@ The following options need to be configured:
The default command configuration includes all commands
except those marked below with a "*".
+ CONFIG_CMD_AES AES 128 CBC encrypt/decrypt
CONFIG_CMD_ASKENV * ask for env variable
CONFIG_CMD_BDI bdinfo
CONFIG_CMD_BEDBUG * Include BedBug Debugger
diff --git a/common/Makefile b/common/Makefile
index a83246e..2879304 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o
obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
# command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
obj-$(CONFIG_SOURCE) += cmd_source.o
obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
diff --git a/common/cmd_aes.c b/common/cmd_aes.c
new file mode 100644
index 0000000..76da3ef
--- /dev/null
+++ b/common/cmd_aes.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+ uint32_t key_addr, src_addr, dst_addr, len;
+ uint8_t *key_ptr, *src_ptr, *dst_ptr;
+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+ uint32_t aes_blocks;
+ int enc;
+
+ if (argc != 6)
+ return CMD_RET_USAGE;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ key_addr = simple_strtoul(argv[2], NULL, 16);
+ src_addr = simple_strtoul(argv[3], NULL, 16);
+ dst_addr = simple_strtoul(argv[4], NULL, 16);
+ len = simple_strtoul(argv[5], NULL, 16);
+
+ key_ptr = (uint8_t *)key_addr;
+ src_ptr = (uint8_t *)src_addr;
+ dst_ptr = (uint8_t *)dst_addr;
+
+ /* First we expand the key. */
+ aes_expand_key(key_ptr, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+ if (enc)
+ aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+ else
+ aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+ return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+ "enc key src dst len - Encrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.\n"
+ "aes dec key src dst len - Decrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+ aes, 6, 1, do_aes,
+ "AES 128 CBC encryption",
+ aes_help_text
+);
--
1.8.5.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h
2014-02-06 3:44 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
` (2 preceding siblings ...)
2014-02-06 3:44 ` [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC Marek Vasut
@ 2014-02-15 23:27 ` Simon Glass
3 siblings, 0 replies; 7+ messages in thread
From: Simon Glass @ 2014-02-15 23:27 UTC (permalink / raw)
To: u-boot
On 5 February 2014 20:44, Marek Vasut <marex@denx.de> wrote:
> Fix the function annotations in aes.h so they're compatible with kerneldoc.
>
> Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code
2014-02-06 3:44 ` [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
@ 2014-02-15 23:30 ` Simon Glass
2014-03-05 19:03 ` Marek Vasut
0 siblings, 1 reply; 7+ messages in thread
From: Simon Glass @ 2014-02-15 23:30 UTC (permalink / raw)
To: u-boot
Hi Marek,
On 5 February 2014 20:44, Marek Vasut <marex@denx.de> wrote:
> Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c
> into lib/aes.c . This is well re-usable common code. Moreover, clean the code up
> a bit and fix the kerneldoc-style annotations.
>
> Signed-off-by: Marek Vasut <marex@denx.de>
> ---
> arch/arm/cpu/tegra20-common/crypto.c | 72 +-----------------------------------
> include/aes.h | 10 +++++
> lib/aes.c | 59 +++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+), 70 deletions(-)
>
> diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c
> index 8209f76..b18e67c 100644
> --- a/arch/arm/cpu/tegra20-common/crypto.c
> +++ b/arch/arm/cpu/tegra20-common/crypto.c
> @@ -19,74 +19,6 @@ enum security_op {
> SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */
> };
>
> -static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
> -{
> - u32 i;
> -
> - debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
> - for (i = 0; i < num_bytes; i++) {
> - if (i % 16 == 0)
> - debug(" = ");
> - debug("%02x", data[i]);
> - if ((i+1) % 16 != 0)
> - debug(" ");
> - }
> - debug("\n");
> -}
> -
> -/**
> - * Apply chain data to the destination using EOR
> - *
> - * Each array is of length AES_AES_KEY_LENGTH.
AES_KEY_LENGTH
> - *
> - * \param cbc_chain_data Chain data
> - * \param src Source data
> - * \param dst Destination data, which is modified here
> - */
> -static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
> -{
> - int i;
> -
> - for (i = 0; i < 16; i++)
AES_KEY_LENGTH?
> - *dst++ = *src++ ^ *cbc_chain_data++;
> -}
> -
> -/**
> - * Encrypt some data with AES.
> - *
> - * \param key_schedule Expanded key to use
> - * \param src Source data to encrypt
> - * \param dst Destination buffer
> - * \param num_aes_blocks Number of AES blocks to encrypt
> - */
> -static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
> - u32 num_aes_blocks)
> -{
> - u8 tmp_data[AES_KEY_LENGTH];
> - u8 *cbc_chain_data;
> - u32 i;
> -
> - cbc_chain_data = zero_key; /* Convenient array of 0's for IV */
> -
> - for (i = 0; i < num_aes_blocks; i++) {
> - debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
> - debug_print_vector("AES Src", AES_KEY_LENGTH, src);
> -
> - /* Apply the chain data */
> - apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
> - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
> -
> - /* encrypt the AES block */
> - aes_encrypt(tmp_data, key_schedule, dst);
> - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
> -
> - /* Update pointers for next loop. */
> - cbc_chain_data = dst;
> - src += AES_KEY_LENGTH;
> - dst += AES_KEY_LENGTH;
> - }
> -}
> -
> /**
> * Shift a vector left by one bit
> *
> @@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
> for (i = 0; i < AES_KEY_LENGTH; i++)
> tmp_data[i] = 0;
>
> - encrypt_object(key_schedule, tmp_data, left, 1);
> + aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1);
> debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
>
> left_shift_vector(left, k1, sizeof(left));
> @@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
> if (oper & SECURITY_ENCRYPT) {
> /* Perform this in place, resulting in src being encrypted. */
> debug("encrypt_and_sign: begin encryption\n");
> - encrypt_object(key_schedule, src, src, num_aes_blocks);
> + aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks);
> debug("encrypt_and_sign: end encryption\n");
> }
>
> diff --git a/include/aes.h b/include/aes.h
> index c70eda6..d9bb387 100644
> --- a/include/aes.h
> +++ b/include/aes.h
> @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
> */
> void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
>
> +/**
> + * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
> + *
> + * @key_exp Expanded key to use
> + * @src Source data to encrypt
> + * @dst Destination buffer
> + * @num_aes_blocks Number of AES blocks to encrypt
> + */
> +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
> +
> #endif /* _AES_REF_H_ */
> diff --git a/lib/aes.c b/lib/aes.c
> index e996b27..4df5dae 100644
> --- a/lib/aes.c
> +++ b/lib/aes.c
> @@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
>
> memcpy(out, state, sizeof(state));
> }
> +
> +static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
> +{
> + u32 i;
> +
> + debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
> + for (i = 0; i < num_bytes; i++) {
> + if (i % 16 == 0)
> + debug(" = ");
> + debug("%02x", data[i]);
> + if ((i+1) % 16 != 0)
> + debug(" ");
> + }
> + debug("\n");
Can we use print_buffer() here?
> +}
> +
> +/**
> + * Apply chain data to the destination using EOR
> + *
> + * Each array is of length AES_AES_KEY_LENGTH.
> + *
> + * @cbc_chain_data Chain data
> + * @src Source data
> + * @dst Destination data, which is modified here
> + */
> +static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
> +{
> + int i;
> +
> + for (i = 0; i < 16; i++)
> + *dst++ = *src++ ^ *cbc_chain_data++;
> +}
> +
> +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
> +{
> + u8 zero_key[AES_KEY_LENGTH] = { 0 };
> + u8 tmp_data[AES_KEY_LENGTH];
> + /* Convenient array of 0's for IV */
> + u8 *cbc_chain_data = zero_key;
> + u32 i;
> +
> + for (i = 0; i < num_aes_blocks; i++) {
> + debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
> + debug_print_vector("AES Src", AES_KEY_LENGTH, src);
> +
> + /* Apply the chain data */
> + apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
> + debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
> +
> + /* Encrypt the AES block */
> + aes_encrypt(tmp_data, key_exp, dst);
> + debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
> +
> + /* Update pointers for next loop. */
> + cbc_chain_data = dst;
> + src += AES_KEY_LENGTH;
> + dst += AES_KEY_LENGTH;
> + }
> +}
> --
> 1.8.5.3
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
Regards,
Simon
^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code
2014-02-15 23:30 ` Simon Glass
@ 2014-03-05 19:03 ` Marek Vasut
0 siblings, 0 replies; 7+ messages in thread
From: Marek Vasut @ 2014-03-05 19:03 UTC (permalink / raw)
To: u-boot
On Sunday, February 16, 2014 at 12:30:54 AM, Simon Glass wrote:
> Hi Marek,
>
> On 5 February 2014 20:44, Marek Vasut <marex@denx.de> wrote:
> > Move the AES-128-CBC encryption function implemented in
> > tegra20-common/crypto.c into lib/aes.c . This is well re-usable common
> > code. Moreover, clean the code up a bit and fix the kerneldoc-style
> > annotations.
> >
> > Signed-off-by: Marek Vasut <marex@denx.de>
Fixed all and V2 is out, thanks!
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-03-05 19:03 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-02-06 3:44 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
2014-02-15 23:30 ` Simon Glass
2014-03-05 19:03 ` Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function Marek Vasut
2014-02-06 3:44 ` [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC Marek Vasut
2014-02-15 23:27 ` [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Simon Glass
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.