[U-Boot] [PATCH 2/4] aes: Move the AES-128-CBC encryption function to common code

Simon Glass sjg at chromium.org
Sun Feb 16 00:30:54 CET 2014


Hi Marek,

On 5 February 2014 20:44, Marek Vasut <marex at denx.de> wrote:
> Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c
> into lib/aes.c . This is well re-usable common code. Moreover, clean the code up
> a bit and fix the kerneldoc-style annotations.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> ---
>  arch/arm/cpu/tegra20-common/crypto.c | 72 +-----------------------------------
>  include/aes.h                        | 10 +++++
>  lib/aes.c                            | 59 +++++++++++++++++++++++++++++
>  3 files changed, 71 insertions(+), 70 deletions(-)
>
> diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c
> index 8209f76..b18e67c 100644
> --- a/arch/arm/cpu/tegra20-common/crypto.c
> +++ b/arch/arm/cpu/tegra20-common/crypto.c
> @@ -19,74 +19,6 @@ enum security_op {
>         SECURITY_ENCRYPT        = 1 << 1,       /* Encrypt the data */
>  };
>
> -static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
> -{
> -       u32 i;
> -
> -       debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
> -       for (i = 0; i < num_bytes; i++) {
> -               if (i % 16 == 0)
> -                       debug(" = ");
> -               debug("%02x", data[i]);
> -               if ((i+1) % 16 != 0)
> -                       debug(" ");
> -       }
> -       debug("\n");
> -}
> -
> -/**
> - * Apply chain data to the destination using EOR
> - *
> - * Each array is of length AES_AES_KEY_LENGTH.

AES_KEY_LENGTH

> - *
> - * \param cbc_chain_data       Chain data
> - * \param src                  Source data
> - * \param dst                  Destination data, which is modified here
> - */
> -static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
> -{
> -       int i;
> -
> -       for (i = 0; i < 16; i++)

AES_KEY_LENGTH?

> -               *dst++ = *src++ ^ *cbc_chain_data++;
> -}
> -
> -/**
> - * Encrypt some data with AES.
> - *
> - * \param key_schedule         Expanded key to use
> - * \param src                  Source data to encrypt
> - * \param dst                  Destination buffer
> - * \param num_aes_blocks       Number of AES blocks to encrypt
> - */
> -static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
> -                          u32 num_aes_blocks)
> -{
> -       u8 tmp_data[AES_KEY_LENGTH];
> -       u8 *cbc_chain_data;
> -       u32 i;
> -
> -       cbc_chain_data = zero_key;      /* Convenient array of 0's for IV */
> -
> -       for (i = 0; i < num_aes_blocks; i++) {
> -               debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
> -               debug_print_vector("AES Src", AES_KEY_LENGTH, src);
> -
> -               /* Apply the chain data */
> -               apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
> -               debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
> -
> -               /* encrypt the AES block */
> -               aes_encrypt(tmp_data, key_schedule, dst);
> -               debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
> -
> -               /* Update pointers for next loop. */
> -               cbc_chain_data = dst;
> -               src += AES_KEY_LENGTH;
> -               dst += AES_KEY_LENGTH;
> -       }
> -}
> -
>  /**
>   * Shift a vector left by one bit
>   *
> @@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
>         for (i = 0; i < AES_KEY_LENGTH; i++)
>                 tmp_data[i] = 0;
>
> -       encrypt_object(key_schedule, tmp_data, left, 1);
> +       aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1);
>         debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
>
>         left_shift_vector(left, k1, sizeof(left));
> @@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
>         if (oper & SECURITY_ENCRYPT) {
>                 /* Perform this in place, resulting in src being encrypted. */
>                 debug("encrypt_and_sign: begin encryption\n");
> -               encrypt_object(key_schedule, src, src, num_aes_blocks);
> +               aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks);
>                 debug("encrypt_and_sign: end encryption\n");
>         }
>
> diff --git a/include/aes.h b/include/aes.h
> index c70eda6..d9bb387 100644
> --- a/include/aes.h
> +++ b/include/aes.h
> @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
>   */
>  void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
>
> +/**
> + * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
> + *
> + * @key_exp            Expanded key to use
> + * @src                        Source data to encrypt
> + * @dst                        Destination buffer
> + * @num_aes_blocks     Number of AES blocks to encrypt
> + */
> +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
> +
>  #endif /* _AES_REF_H_ */
> diff --git a/lib/aes.c b/lib/aes.c
> index e996b27..4df5dae 100644
> --- a/lib/aes.c
> +++ b/lib/aes.c
> @@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
>
>         memcpy(out, state, sizeof(state));
>  }
> +
> +static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
> +{
> +       u32 i;
> +
> +       debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
> +       for (i = 0; i < num_bytes; i++) {
> +               if (i % 16 == 0)
> +                       debug(" = ");
> +               debug("%02x", data[i]);
> +               if ((i+1) % 16 != 0)
> +                       debug(" ");
> +       }
> +       debug("\n");

Can we use print_buffer() here?

> +}
> +
> +/**
> + * Apply chain data to the destination using EOR
> + *
> + * Each array is of length AES_AES_KEY_LENGTH.
> + *
> + * @cbc_chain_data     Chain data
> + * @src                        Source data
> + * @dst                        Destination data, which is modified here
> + */
> +static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
> +{
> +       int i;
> +
> +       for (i = 0; i < 16; i++)
> +               *dst++ = *src++ ^ *cbc_chain_data++;
> +}
> +
> +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks)
> +{
> +       u8 zero_key[AES_KEY_LENGTH] = { 0 };
> +       u8 tmp_data[AES_KEY_LENGTH];
> +       /* Convenient array of 0's for IV */
> +       u8 *cbc_chain_data = zero_key;
> +       u32 i;
> +
> +       for (i = 0; i < num_aes_blocks; i++) {
> +               debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
> +               debug_print_vector("AES Src", AES_KEY_LENGTH, src);
> +
> +               /* Apply the chain data */
> +               apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
> +               debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
> +
> +               /* Encrypt the AES block */
> +               aes_encrypt(tmp_data, key_exp, dst);
> +               debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
> +
> +               /* Update pointers for next loop. */
> +               cbc_chain_data = dst;
> +               src += AES_KEY_LENGTH;
> +               dst += AES_KEY_LENGTH;
> +       }
> +}
> --
> 1.8.5.3
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot

Regards,
Simon


More information about the U-Boot mailing list