Hi Marek,
On 5 February 2014 20:44, Marek Vasut marex@denx.de wrote:
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c into lib/aes.c . This is well re-usable common code. Moreover, clean the code up a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut marex@denx.de
arch/arm/cpu/tegra20-common/crypto.c | 72 +----------------------------------- include/aes.h | 10 +++++ lib/aes.c | 59 +++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 70 deletions(-)
diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c index 8209f76..b18e67c 100644 --- a/arch/arm/cpu/tegra20-common/crypto.c +++ b/arch/arm/cpu/tegra20-common/crypto.c @@ -19,74 +19,6 @@ enum security_op { SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */ };
-static void debug_print_vector(char *name, u32 num_bytes, u8 *data) -{
u32 i;debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);for (i = 0; i < num_bytes; i++) {if (i % 16 == 0)debug(" = ");debug("%02x", data[i]);if ((i+1) % 16 != 0)debug(" ");}debug("\n");-}
-/**
- Apply chain data to the destination using EOR
- Each array is of length AES_AES_KEY_LENGTH.
AES_KEY_LENGTH
- \param cbc_chain_data Chain data
- \param src Source data
- \param dst Destination data, which is modified here
- */
-static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) -{
int i;for (i = 0; i < 16; i++)
AES_KEY_LENGTH?
*dst++ = *src++ ^ *cbc_chain_data++;-}
-/**
- Encrypt some data with AES.
- \param key_schedule Expanded key to use
- \param src Source data to encrypt
- \param dst Destination buffer
- \param num_aes_blocks Number of AES blocks to encrypt
- */
-static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
u32 num_aes_blocks)-{
u8 tmp_data[AES_KEY_LENGTH];u8 *cbc_chain_data;u32 i;cbc_chain_data = zero_key; /* Convenient array of 0's for IV */for (i = 0; i < num_aes_blocks; i++) {debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);debug_print_vector("AES Src", AES_KEY_LENGTH, src);/* Apply the chain data */apply_cbc_chain_data(cbc_chain_data, src, tmp_data);debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);/* encrypt the AES block */aes_encrypt(tmp_data, key_schedule, dst);debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);/* Update pointers for next loop. */cbc_chain_data = dst;src += AES_KEY_LENGTH;dst += AES_KEY_LENGTH;}-}
/**
- Shift a vector left by one bit
@@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, for (i = 0; i < AES_KEY_LENGTH; i++) tmp_data[i] = 0;
encrypt_object(key_schedule, tmp_data, left, 1);
aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1); debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left); left_shift_vector(left, k1, sizeof(left));@@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, if (oper & SECURITY_ENCRYPT) { /* Perform this in place, resulting in src being encrypted. */ debug("encrypt_and_sign: begin encryption\n");
encrypt_object(key_schedule, src, src, num_aes_blocks);
aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks); debug("encrypt_and_sign: end encryption\n"); }diff --git a/include/aes.h b/include/aes.h index c70eda6..d9bb387 100644 --- a/include/aes.h +++ b/include/aes.h @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out); */ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+/**
- aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
- @key_exp Expanded key to use
- @src Source data to encrypt
- @dst Destination buffer
- @num_aes_blocks Number of AES blocks to encrypt
- */
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
#endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index e996b27..4df5dae 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
memcpy(out, state, sizeof(state));}
+static void debug_print_vector(char *name, u32 num_bytes, u8 *data) +{
u32 i;debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);for (i = 0; i < num_bytes; i++) {if (i % 16 == 0)debug(" = ");debug("%02x", data[i]);if ((i+1) % 16 != 0)debug(" ");}debug("\n");
Can we use print_buffer() here?
+}
+/**
- Apply chain data to the destination using EOR
- Each array is of length AES_AES_KEY_LENGTH.
- @cbc_chain_data Chain data
- @src Source data
- @dst Destination data, which is modified here
- */
+static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) +{
int i;for (i = 0; i < 16; i++)*dst++ = *src++ ^ *cbc_chain_data++;+}
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks) +{
u8 zero_key[AES_KEY_LENGTH] = { 0 };u8 tmp_data[AES_KEY_LENGTH];/* Convenient array of 0's for IV */u8 *cbc_chain_data = zero_key;u32 i;for (i = 0; i < num_aes_blocks; i++) {debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);debug_print_vector("AES Src", AES_KEY_LENGTH, src);/* Apply the chain data */apply_cbc_chain_data(cbc_chain_data, src, tmp_data);debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);/* Encrypt the AES block */aes_encrypt(tmp_data, key_exp, dst);debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);/* Update pointers for next loop. */cbc_chain_data = dst;src += AES_KEY_LENGTH;dst += AES_KEY_LENGTH;}+}
1.8.5.3
U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Regards, Simon