* [U-Boot] [PATCH V2 2/4] aes: Move the AES-128-CBC encryption function to common code
2014-03-05 18:58 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
@ 2014-03-05 18:58 ` Marek Vasut
2014-03-27 16:59 ` [U-Boot] [U-Boot, V2, " Tom Rini
2014-03-05 18:58 ` [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function Marek Vasut
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Marek Vasut @ 2014-03-05 18:58 UTC (permalink / raw)
To: u-boot
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c
into lib/aes.c . This is well re-usable common code. Moreover, clean the code up
a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut <marex@denx.de>
---
arch/arm/cpu/tegra20-common/crypto.c | 72 +-----------------------------------
include/aes.h | 10 +++++
lib/aes.c | 52 ++++++++++++++++++++++++++
3 files changed, 64 insertions(+), 70 deletions(-)
V2: Replace AES_AES_KEY_LENGTH with AES_KEY_LENGTH
Use print_buffer() instead of ad-hoc implementation
diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c
index 8209f76..b18e67c 100644
--- a/arch/arm/cpu/tegra20-common/crypto.c
+++ b/arch/arm/cpu/tegra20-common/crypto.c
@@ -19,74 +19,6 @@ enum security_op {
SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */
};
-static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
-{
- u32 i;
-
- debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
- for (i = 0; i < num_bytes; i++) {
- if (i % 16 == 0)
- debug(" = ");
- debug("%02x", data[i]);
- if ((i+1) % 16 != 0)
- debug(" ");
- }
- debug("\n");
-}
-
-/**
- * Apply chain data to the destination using EOR
- *
- * Each array is of length AES_AES_KEY_LENGTH.
- *
- * \param cbc_chain_data Chain data
- * \param src Source data
- * \param dst Destination data, which is modified here
- */
-static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
-{
- int i;
-
- for (i = 0; i < 16; i++)
- *dst++ = *src++ ^ *cbc_chain_data++;
-}
-
-/**
- * Encrypt some data with AES.
- *
- * \param key_schedule Expanded key to use
- * \param src Source data to encrypt
- * \param dst Destination buffer
- * \param num_aes_blocks Number of AES blocks to encrypt
- */
-static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
- u32 num_aes_blocks)
-{
- u8 tmp_data[AES_KEY_LENGTH];
- u8 *cbc_chain_data;
- u32 i;
-
- cbc_chain_data = zero_key; /* Convenient array of 0's for IV */
-
- for (i = 0; i < num_aes_blocks; i++) {
- debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
- debug_print_vector("AES Src", AES_KEY_LENGTH, src);
-
- /* Apply the chain data */
- apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
- debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
-
- /* encrypt the AES block */
- aes_encrypt(tmp_data, key_schedule, dst);
- debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
-
- /* Update pointers for next loop. */
- cbc_chain_data = dst;
- src += AES_KEY_LENGTH;
- dst += AES_KEY_LENGTH;
- }
-}
-
/**
* Shift a vector left by one bit
*
@@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
for (i = 0; i < AES_KEY_LENGTH; i++)
tmp_data[i] = 0;
- encrypt_object(key_schedule, tmp_data, left, 1);
+ aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1);
debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
left_shift_vector(left, k1, sizeof(left));
@@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
if (oper & SECURITY_ENCRYPT) {
/* Perform this in place, resulting in src being encrypted. */
debug("encrypt_and_sign: begin encryption\n");
- encrypt_object(key_schedule, src, src, num_aes_blocks);
+ aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks);
debug("encrypt_and_sign: end encryption\n");
}
diff --git a/include/aes.h b/include/aes.h
index c70eda6..d9bb387 100644
--- a/include/aes.h
+++ b/include/aes.h
@@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
*/
void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+/**
+ * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
+ *
+ * @key_exp Expanded key to use
+ * @src Source data to encrypt
+ * @dst Destination buffer
+ * @num_aes_blocks Number of AES blocks to encrypt
+ */
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+
#endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index e996b27..a6648f9 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -580,3 +580,55 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
memcpy(out, state, sizeof(state));
}
+
+static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
+{
+#ifdef DEBUG
+ printf("%s [%d] @0x%08x", name, num_bytes, (u32)data);
+ print_buffer(0, data, 1, num_bytes, 16);
+#endif
+}
+
+/**
+ * Apply chain data to the destination using EOR
+ *
+ * Each array is of length AES_KEY_LENGTH.
+ *
+ * @cbc_chain_data Chain data
+ * @src Source data
+ * @dst Destination data, which is modified here
+ */
+static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
+{
+ int i;
+
+ for (i = 0; i < AES_KEY_LENGTH; i++)
+ *dst++ = *src++ ^ *cbc_chain_data++;
+}
+
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ u8 zero_key[AES_KEY_LENGTH] = { 0 };
+ u8 tmp_data[AES_KEY_LENGTH];
+ /* Convenient array of 0's for IV */
+ u8 *cbc_chain_data = zero_key;
+ u32 i;
+
+ for (i = 0; i < num_aes_blocks; i++) {
+ debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
+ debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+
+ /* Apply the chain data */
+ apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
+ debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+
+ /* Encrypt the AES block */
+ aes_encrypt(tmp_data, key_exp, dst);
+ debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+
+ /* Update pointers for next loop. */
+ cbc_chain_data = dst;
+ src += AES_KEY_LENGTH;
+ dst += AES_KEY_LENGTH;
+ }
+}
--
1.8.5.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function
2014-03-05 18:58 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
2014-03-05 18:58 ` [U-Boot] [PATCH V2 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
@ 2014-03-05 18:58 ` Marek Vasut
2014-03-27 16:59 ` [U-Boot] [U-Boot, " Tom Rini
2014-03-05 18:58 ` [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC Marek Vasut
2014-03-27 16:59 ` [U-Boot] [U-Boot,1/4] aes: Fix kerneldoc for aes.h Tom Rini
3 siblings, 1 reply; 9+ messages in thread
From: Marek Vasut @ 2014-03-05 18:58 UTC (permalink / raw)
To: u-boot
Implement a compatible AES-128-CBC decryption function as a counterpart
of the encryption function pulled from tegra20-common/crypto.c .
Signed-off-by: Marek Vasut <marex@denx.de>
---
include/aes.h | 10 ++++++++++
lib/aes.c | 28 ++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/include/aes.h b/include/aes.h
index d9bb387..4897e6f 100644
--- a/include/aes.h
+++ b/include/aes.h
@@ -63,4 +63,14 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
*/
void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+/**
+ * Decrypt multiple blocks of data with AES CBC.
+ *
+ * @key_exp Expanded key to use
+ * @src Source data to decrypt
+ * @dst Destination buffer
+ * @num_aes_blocks Number of AES blocks to decrypt
+ */
+void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+
#endif /* _AES_REF_H_ */
diff --git a/lib/aes.c b/lib/aes.c
index a6648f9..9dadb22 100644
--- a/lib/aes.c
+++ b/lib/aes.c
@@ -632,3 +632,31 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
dst += AES_KEY_LENGTH;
}
}
+
+void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH];
+ /* Convenient array of 0's for IV */
+ u8 cbc_chain_data[AES_KEY_LENGTH] = { 0 };
+ u32 i;
+
+ for (i = 0; i < num_aes_blocks; i++) {
+ debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
+ debug_print_vector("AES Src", AES_KEY_LENGTH, src);
+
+ memcpy(tmp_block, src, AES_KEY_LENGTH);
+
+ /* Decrypt the AES block */
+ aes_decrypt(src, key_exp, tmp_data);
+ debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
+
+ /* Apply the chain data */
+ apply_cbc_chain_data(cbc_chain_data, tmp_data, dst);
+ debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
+
+ /* Update pointers for next loop. */
+ memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH);
+ src += AES_KEY_LENGTH;
+ dst += AES_KEY_LENGTH;
+ }
+}
--
1.8.5.2
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC
2014-03-05 18:58 [U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h Marek Vasut
2014-03-05 18:58 ` [U-Boot] [PATCH V2 2/4] aes: Move the AES-128-CBC encryption function to common code Marek Vasut
2014-03-05 18:58 ` [U-Boot] [PATCH 3/4] aes: Implement AES-128-CBC decryption function Marek Vasut
@ 2014-03-05 18:58 ` Marek Vasut
2014-03-27 16:59 ` [U-Boot] [U-Boot, " Tom Rini
2014-03-27 16:59 ` [U-Boot] [U-Boot,1/4] aes: Fix kerneldoc for aes.h Tom Rini
3 siblings, 1 reply; 9+ messages in thread
From: Marek Vasut @ 2014-03-05 18:58 UTC (permalink / raw)
To: u-boot
Add simple 'aes' command, which allows using the AES-128-CBC encryption
and decryption functions from U-Boot command line.
Signed-off-by: Marek Vasut <marex@denx.de>
---
README | 1 +
common/Makefile | 1 +
common/cmd_aes.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 91 insertions(+)
create mode 100644 common/cmd_aes.c
diff --git a/README b/README
index 216f0c7..fd717bf 100644
--- a/README
+++ b/README
@@ -910,6 +910,7 @@ The following options need to be configured:
The default command configuration includes all commands
except those marked below with a "*".
+ CONFIG_CMD_AES AES 128 CBC encrypt/decrypt
CONFIG_CMD_ASKENV * ask for env variable
CONFIG_CMD_BDI bdinfo
CONFIG_CMD_BEDBUG * Include BedBug Debugger
diff --git a/common/Makefile b/common/Makefile
index 04e9cdd..622f7bb 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o
obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
# command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
obj-$(CONFIG_SOURCE) += cmd_source.o
obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
diff --git a/common/cmd_aes.c b/common/cmd_aes.c
new file mode 100644
index 0000000..76da3ef
--- /dev/null
+++ b/common/cmd_aes.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+ uint32_t key_addr, src_addr, dst_addr, len;
+ uint8_t *key_ptr, *src_ptr, *dst_ptr;
+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+ uint32_t aes_blocks;
+ int enc;
+
+ if (argc != 6)
+ return CMD_RET_USAGE;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ key_addr = simple_strtoul(argv[2], NULL, 16);
+ src_addr = simple_strtoul(argv[3], NULL, 16);
+ dst_addr = simple_strtoul(argv[4], NULL, 16);
+ len = simple_strtoul(argv[5], NULL, 16);
+
+ key_ptr = (uint8_t *)key_addr;
+ src_ptr = (uint8_t *)src_addr;
+ dst_ptr = (uint8_t *)dst_addr;
+
+ /* First we expand the key. */
+ aes_expand_key(key_ptr, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+ if (enc)
+ aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+ else
+ aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+ return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+ "enc key src dst len - Encrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.\n"
+ "aes dec key src dst len - Decrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+ aes, 6, 1, do_aes,
+ "AES 128 CBC encryption",
+ aes_help_text
+);
--
1.8.5.2
^ permalink raw reply related [flat|nested] 9+ messages in thread