[U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code
Simon Glass
sjg at chromium.org
Sun Feb 16 00:30:54 CET 2014
Hi Marek,
On 5 February 2014 20:44, Marek Vasut <marex at denx.de> wrote:
> Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c
> into lib/aes.c . This is well re-usable common code. Moreover, clean the code up
> a bit and fix the kerneldoc-style annotations.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> ---
> arch/arm/cpu/tegra20-common/crypto.c | 72 +-----------------------------------
> include/aes.h | 10 +++++
> lib/aes.c | 59 +++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+), 70 deletions(-)
>
> diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c
> index 8209f76..b18e67c 100644
> --- a/arch/arm/cpu/tegra20-common/crypto.c
> +++ b/arch/arm/cpu/tegra20-common/crypto.c
> @@ -19,74 +19,6 @@ enum security_op {
> SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */
> };
>
> -static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
> -{
> - u32 i;
> -
> - debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
> - for (i = 0; i < num_bytes; i++) {
> - if (i % 16 == 0)
> - debug(" = ");
> - debug("%02x", data[i]);
> - if ((i+1) % 16 != 0)
> - debug(" ");
> - }
> - debug("\n");
> -}
> -
> -/**
> - * Apply chain data to the destination using EOR
> - *
> - * Each array is of length AES_AES_KEY_LENGTH.
AES_KEY_LENGTH
> - *
> - * \param cbc_chain_data Chain data
> - * \param src Source data
> - * \param dst Destination data, which is modified here
> - */
> -static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
> -{
> - int i;
> -
> - for (i = 0; i < 16; i++)
AES_KEY_LENGTH?
> - *dst++ = *src++ ^ *cbc_chain_data++;
> -}
> -
> -/**
> - * Encrypt some data with AES.
> - *
> - * \param key_schedule Expanded key to use
> - * \param src Source data to encrypt
> - * \param dst Destination buffer
> - * \param num_aes_blocks Number of AES blocks to encrypt
> - */
> -static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
> - u32 num_aes_blocks)
> -{
> - u8 tmp_data[AES_KEY_LENGTH];
> - u8 *cbc_chain_data;
> - u32 i;
> -
> - cbc_chain_data = zero_key; /* Convenient array of 0's for IV */
> -
> - for (i = 0; i < num_aes_blocks; i++) {
> - debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
> - debug_print_vector("AES Src", AES_KEY_LENGTH, src);
> -
> - /* Apply the chain data */
> - apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
> - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
> -
> - /* encrypt the AES block */
> - aes_encrypt(tmp_data, key_schedule, dst);
> - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
> -
> - /* Update pointers for next loop. */
> - cbc_chain_data = dst;
> - src += AES_KEY_LENGTH;
> - dst += AES_KEY_LENGTH;
> - }
> -}
> -
> /**
> * Shift a vector left by one bit
> *
> @@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
> for (i = 0; i < AES_KEY_LENGTH; i++)
> tmp_data[i] = 0;
>
> - encrypt_object(key_schedule, tmp_data, left, 1);
> + aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1);
> debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
>
> left_shift_vector(left, k1, sizeof(left));
> @@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
> if (oper & SECURITY_ENCRYPT) {
> /* Perform this in place, resulting in src being encrypted. */
> debug("encrypt_and_sign: begin encryption\n");
> - encrypt_object(key_schedule, src, src, num_aes_blocks);
> + aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks);
> debug("encrypt_and_sign: end encryption\n");
> }
>
> diff --git a/include/aes.h b/include/aes.h
> index c70eda6..d9bb387 100644
> --- a/include/aes.h
> +++ b/include/aes.h
> @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
> */
> void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
>
> +/**
> + * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
> + *
> + * @key_exp Expanded key to use
> + * @src Source data to encrypt
> + * @dst Destination buffer
> + * @num_aes_blocks Number of AES blocks to encrypt
> + */
> +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
> +
> #endif /* _AES_REF_H_ */
> diff --git a/lib/aes.c b/lib/aes.c
> index e996b27..4df5dae 100644
> --- a/lib/aes.c
> +++ b/lib/aes.c
> @@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
>
> memcpy(out, state, sizeof(state));
> }
> +
> +static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
> +{
> + u32 i;
> +
> + debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
> + for (i = 0; i < num_bytes; i++) {
> + if (i % 16 == 0)
> + debug(" = ");
> + debug("%02x", data[i]);
> + if ((i+1) % 16 != 0)
> + debug(" ");
> + }
> + debug("\n");
Can we use print_buffer() here?
> +}
> +
> +/**
> + * Apply chain data to the destination using EOR
> + *
> + * Each array is of length AES_AES_KEY_LENGTH.
> + *
> + * @cbc_chain_data Chain data
> + * @src Source data
> + * @dst Destination data, which is modified here
> + */
> +static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
> +{
> + int i;
> +
> + for (i = 0; i < 16; i++)
> + *dst++ = *src++ ^ *cbc_chain_data++;
> +}
> +
> +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
> +{
> + u8 zero_key[AES_KEY_LENGTH] = { 0 };
> + u8 tmp_data[AES_KEY_LENGTH];
> + /* Convenient array of 0's for IV */
> + u8 *cbc_chain_data = zero_key;
> + u32 i;
> +
> + for (i = 0; i < num_aes_blocks; i++) {
> + debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
> + debug_print_vector("AES Src", AES_KEY_LENGTH, src);
> +
> + /* Apply the chain data */
> + apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
> + debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
> +
> + /* Encrypt the AES block */
> + aes_encrypt(tmp_data, key_exp, dst);
> + debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
> +
> + /* Update pointers for next loop. */
> + cbc_chain_data = dst;
> + src += AES_KEY_LENGTH;
> + dst += AES_KEY_LENGTH;
> + }
> +}
> --
> 1.8.5.3
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
Regards,
Simon
More information about the U-Boot
mailing list