[U-Boot] [PATCH 0/4] aes: add support for aes192 and aes256

older
[U-Boot] [PATCH V2 0/4] pytest:...

Philippe Reynes

23 Sep 2019 23 Sep '19

6:48 p.m.

This serie add the support of aes192 and aes256. This first commit clean a bit the code, and introduce a constant for the block (instead of using the key size). The second commit add the support of aes192 and aes256 to the lib and the cmd. The third update the code of crypto for tegra20, and the forth one add tests in pytest for aes192 and aes256.

Philippe Reynes (4): aes: add a define for the size of a block aes: add support of aes192 and aes256 tegra20: crypto: update code to use new aes api pytest: aes: add test for aes192 and aes256

arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++------ cmd/aes.c | 40 +++++++++---- include/uboot_aes.h | 39 ++++++++---- lib/aes.c | 111 ++++++++++++++++++++++------------- test/py/tests/aes/key192.bin | 1 + test/py/tests/aes/key256.bin | 1 + test/py/tests/test_aes.py | 54 ++++++++++++++++- 7 files changed, 201 insertions(+), 86 deletions(-) create mode 100644 test/py/tests/aes/key192.bin create mode 100644 test/py/tests/aes/key256.bin

-- 2.7.4

Show replies by date

Philippe Reynes

23 Sep 23 Sep

6:48 p.m.

New subject: [U-Boot] [PATCH 1/4] aes: add a define for the size of a block

In the code, we use the size of the key for the size of the block. It's true when the key is 128 bits, but it become false for key of 192 bits and 256 bits. So to prepare the support of aes192 and 256, we introduce a constant for the iaes block size.

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- cmd/aes.c | 2 +- include/uboot_aes.h | 5 +++-- lib/aes.c | 34 +++++++++++++++++----------------- 3 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/cmd/aes.c b/cmd/aes.c index 3db110c..d0a45fa 100644 --- a/cmd/aes.c +++ b/cmd/aes.c @@ -56,7 +56,7 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) aes_expand_key(key_ptr, key_exp);

/* Calculate the number of AES blocks to encrypt. */ - aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);

if (enc) aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, diff --git a/include/uboot_aes.h b/include/uboot_aes.h index 2fda384..1ae3ac9 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -18,7 +18,7 @@ typedef unsigned int u32; * AES encryption library, with small code size, supporting only 128-bit AES * * AES is a stream cipher which works a block at a time, with each block - * in this case being AES_KEY_LENGTH bytes. + * in this case being AES_BLOCK_LENGTH bytes. */

enum { @@ -28,6 +28,7 @@ enum {

AES_KEY_LENGTH = 128 / 8, AES_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES_ROUNDS + 1), + AES_BLOCK_LENGTH = 128 / 8, };

/** @@ -62,7 +63,7 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out); /** * Apply chain data to the destination using EOR * - * Each array is of length AES_KEY_LENGTH. + * Each array is of length AES_BLOCK_LENGTH. * * @cbc_chain_data Chain data * @src Source data diff --git a/lib/aes.c b/lib/aes.c index a12a192..cfa57b6 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -596,62 +596,62 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) { int i;

- for (i = 0; i < AES_KEY_LENGTH; i++) + for (i = 0; i < AES_BLOCK_LENGTH; i++) *dst++ = *src++ ^ *cbc_chain_data++; }

void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { - u8 tmp_data[AES_KEY_LENGTH]; + u8 tmp_data[AES_BLOCK_LENGTH]; u8 *cbc_chain_data = iv; u32 i;

for (i = 0; i < num_aes_blocks; i++) { debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); - debug_print_vector("AES Src", AES_KEY_LENGTH, src); + debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);

/* Apply the chain data */ aes_apply_cbc_chain_data(cbc_chain_data, src, tmp_data); - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);

/* Encrypt the AES block */ aes_encrypt(tmp_data, key_exp, dst); - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);

/* Update pointers for next loop. */ cbc_chain_data = dst; - src += AES_KEY_LENGTH; - dst += AES_KEY_LENGTH; + src += AES_BLOCK_LENGTH; + dst += AES_BLOCK_LENGTH; } }

void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { - u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH]; + u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH]; /* Convenient array of 0's for IV */ - u8 cbc_chain_data[AES_KEY_LENGTH]; + u8 cbc_chain_data[AES_BLOCK_LENGTH]; u32 i;

- memcpy(cbc_chain_data, iv, AES_KEY_LENGTH); + memcpy(cbc_chain_data, iv, AES_BLOCK_LENGTH); for (i = 0; i < num_aes_blocks; i++) { debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); - debug_print_vector("AES Src", AES_KEY_LENGTH, src); + debug_print_vector("AES Src", AES_BLOCK_LENGTH, src);

- memcpy(tmp_block, src, AES_KEY_LENGTH); + memcpy(tmp_block, src, AES_BLOCK_LENGTH);

/* Decrypt the AES block */ aes_decrypt(src, key_exp, tmp_data); - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);

/* Apply the chain data */ aes_apply_cbc_chain_data(cbc_chain_data, tmp_data, dst); - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);

/* Update pointers for next loop. */ - memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH); - src += AES_KEY_LENGTH; - dst += AES_KEY_LENGTH; + memcpy(cbc_chain_data, tmp_block, AES_BLOCK_LENGTH); + src += AES_BLOCK_LENGTH; + dst += AES_BLOCK_LENGTH; } }

-- 2.7.4

Simon Glass

21 Oct 21 Oct

5:25 p.m.

New subject: [U-Boot] [PATCH 1/4] aes: add a define for the size of a block

On Mon, 23 Sep 2019 at 10:48, Philippe Reynes philippe.reynes@softathome.com wrote:

...

In the code, we use the size of the key for the size of the block. It's true when the key is 128 bits, but it become false for key of 192 bits and 256 bits. So to prepare the support of aes192 and 256, we introduce a constant for the iaes block size.

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com

cmd/aes.c | 2 +- include/uboot_aes.h | 5 +++-- lib/aes.c | 34 +++++++++++++++++----------------- 3 files changed, 21 insertions(+), 20 deletions(-)

Reviewed-by: Simon Glass sjg@chromium.org

Philippe Reynes

23 Sep 23 Sep

6:48 p.m.

New subject: [U-Boot] [PATCH 2/4] aes: add support of aes192 and aes256

Until now, we only support aes128. This commit add the support of aes192 and aes256.

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- cmd/aes.c | 38 +++++++++++++++++--------- include/uboot_aes.h | 34 +++++++++++++++-------- lib/aes.c | 77 +++++++++++++++++++++++++++++++++++++---------------- 3 files changed, 103 insertions(+), 46 deletions(-)

diff --git a/cmd/aes.c b/cmd/aes.c index d0a45fa..e0e43cc 100644 --- a/cmd/aes.c +++ b/cmd/aes.c @@ -2,7 +2,7 @@ /* * Copyright (C) 2014 Marek Vasut marex@denx.de * - * Command for en/de-crypting block of memory with AES-128-CBC cipher. + * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher. */

#include <common.h> @@ -13,6 +13,18 @@ #include <linux/compiler.h> #include <mapmem.h>

+u32 aes_get_key_len(char *command) +{ + u32 key_len = AES128_KEY_LENGTH; + + if (!strcmp(command, "aes.192")) + key_len = AES192_KEY_LENGTH; + else if (!strcmp(command, "aes.256")) + key_len = AES256_KEY_LENGTH; + + return key_len; +} + /** * do_aes() - Handle the "aes" command-line command * @cmdtp: Command data struct pointer @@ -27,13 +39,15 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { uint32_t key_addr, iv_addr, src_addr, dst_addr, len; uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr; - uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; - uint32_t aes_blocks; + u8 key_exp[AES256_EXPAND_KEY_LENGTH]; + u32 aes_blocks, key_len; int enc;

if (argc != 7) return CMD_RET_USAGE;

+ key_len = aes_get_key_len(argv[0]); + if (!strncmp(argv[1], "enc", 3)) enc = 1; else if (!strncmp(argv[1], "dec", 3)) @@ -47,23 +61,23 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) dst_addr = simple_strtoul(argv[5], NULL, 16); len = simple_strtoul(argv[6], NULL, 16);

- key_ptr = (uint8_t *)map_sysmem(key_addr, 128 / 8); + key_ptr = (uint8_t *)map_sysmem(key_addr, key_len); iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8); src_ptr = (uint8_t *)map_sysmem(src_addr, len); dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);

/* First we expand the key. */ - aes_expand_key(key_ptr, key_exp); + aes_expand_key(key_ptr, key_len, key_exp);

/* Calculate the number of AES blocks to encrypt. */ aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);

if (enc) - aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, - aes_blocks); + aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr, + dst_ptr, aes_blocks); else - aes_cbc_decrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, - aes_blocks); + aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr, + dst_ptr, aes_blocks);

return 0; } @@ -71,13 +85,13 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) /***************************************************/ #ifdef CONFIG_SYS_LONGHELP static char aes_help_text[] = - "enc key iv src dst len - Encrypt block of data $len bytes long\n" + "[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n" " at address $src using a key at address\n" " $key with initialization vector at address\n" " $iv. Store the result at address $dst.\n" " The $len size must be multiple of 16 bytes.\n" " The $key and $iv must be 16 bytes long.\n" - "aes dec key iv src dst len - Decrypt block of data $len bytes long\n" + "[.128,.192,.256] aes dec key iv src dst len - Decrypt block of data $len bytes long\n" " at address $src using a key at address\n" " $key with initialization vector at address\n" " $iv. Store the result at address $dst.\n" @@ -87,6 +101,6 @@ static char aes_help_text[] =

U_BOOT_CMD( aes, 7, 1, do_aes, - "AES 128 CBC encryption", + "AES 128/192/256 CBC encryption", aes_help_text ); diff --git a/include/uboot_aes.h b/include/uboot_aes.h index 1ae3ac9..d2583be 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -23,11 +23,18 @@ typedef unsigned int u32;

enum { AES_STATECOLS = 4, /* columns in the state & expanded key */ - AES_KEYCOLS = 4, /* columns in a key */ - AES_ROUNDS = 10, /* rounds in encryption */ - - AES_KEY_LENGTH = 128 / 8, - AES_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES_ROUNDS + 1), + AES128_KEYCOLS = 4, /* columns in a key for aes128 */ + AES192_KEYCOLS = 6, /* columns in a key for aes128 */ + AES256_KEYCOLS = 8, /* columns in a key for aes128 */ + AES128_ROUNDS = 10, /* rounds in encryption for aes128 */ + AES192_ROUNDS = 12, /* rounds in encryption for aes192 */ + AES256_ROUNDS = 14, /* rounds in encryption for aes256 */ + AES128_KEY_LENGTH = 128 / 8, + AES192_KEY_LENGTH = 192 / 8, + AES256_KEY_LENGTH = 256 / 8, + AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1), + AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1), + AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1), AES_BLOCK_LENGTH = 128 / 8, };

@@ -37,28 +44,31 @@ enum { * Expand a key into a key schedule, which is then used for the other * operations. * - * @key Key, of length AES_KEY_LENGTH bytes + * @key Key + * @key_size Size of the key (in bits) * @expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH */ -void aes_expand_key(u8 *key, u8 *expkey); +void aes_expand_key(u8 *key, u32 key_size, u8 *expkey);

/** * aes_encrypt() - Encrypt single block of data with AES 128 * + * @key_size Size of the aes key (in bits) * @in Input data * @expkey Expanded key to use for encryption (from aes_expand_key()) * @out Output data */ -void aes_encrypt(u8 *in, u8 *expkey, u8 *out); +void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);

/** * aes_decrypt() - Decrypt single block of data with AES 128 * + * @key_size Size of the aes key (in bits) * @in Input data * @expkey Expanded key to use for decryption (from aes_expand_key()) * @out Output data */ -void aes_decrypt(u8 *in, u8 *expkey, u8 *out); +void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out);

/** * Apply chain data to the destination using EOR @@ -74,25 +84,27 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst); /** * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. * + * @key_size Size of the aes key (in bits) * @key_exp Expanded key to use * @iv Initialization vector * @src Source data to encrypt * @dst Destination buffer * @num_aes_blocks Number of AES blocks to encrypt */ -void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks);

/** * Decrypt multiple blocks of data with AES CBC. * + * @key_size Size of the aes key (in bits) * @key_exp Expanded key to use * @iv Initialization vector * @src Source data to decrypt * @dst Destination buffer * @num_aes_blocks Number of AES blocks to decrypt */ -void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks);

#endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index cfa57b6..ce53c9f 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -508,50 +508,79 @@ static u8 rcon[11] = { 0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 };

+static u32 aes_get_rounds(u32 key_len) +{ + u32 rounds = AES128_ROUNDS; + + if (key_len == AES192_KEY_LENGTH) + rounds = AES192_ROUNDS; + else if (key_len == AES256_KEY_LENGTH) + rounds = AES256_ROUNDS; + + return rounds; +} + +static u32 aes_get_keycols(u32 key_len) +{ + u32 keycols = AES128_KEYCOLS; + + if (key_len == AES192_KEY_LENGTH) + keycols = AES192_KEYCOLS; + else if (key_len == AES256_KEY_LENGTH) + keycols = AES256_KEYCOLS; + + return keycols; +} + /* produce AES_STATECOLS bytes for each round */ -void aes_expand_key(u8 *key, u8 *expkey) +void aes_expand_key(u8 *key, u32 key_len, u8 *expkey) { u8 tmp0, tmp1, tmp2, tmp3, tmp4; - u32 idx; + u32 idx, aes_rounds, aes_keycols;

- memcpy(expkey, key, AES_KEYCOLS * 4); + aes_rounds = aes_get_rounds(key_len); + aes_keycols = aes_get_keycols(key_len);

- for (idx = AES_KEYCOLS; idx < AES_STATECOLS * (AES_ROUNDS + 1); idx++) { + memcpy(expkey, key, key_len); + + for (idx = aes_keycols; idx < AES_STATECOLS * (aes_rounds + 1); idx++) { tmp0 = expkey[4*idx - 4]; tmp1 = expkey[4*idx - 3]; tmp2 = expkey[4*idx - 2]; tmp3 = expkey[4*idx - 1]; - if (!(idx % AES_KEYCOLS)) { + if (!(idx % aes_keycols)) { tmp4 = tmp3; tmp3 = sbox[tmp0]; - tmp0 = sbox[tmp1] ^ rcon[idx / AES_KEYCOLS]; + tmp0 = sbox[tmp1] ^ rcon[idx / aes_keycols]; tmp1 = sbox[tmp2]; tmp2 = sbox[tmp4]; - } else if ((AES_KEYCOLS > 6) && (idx % AES_KEYCOLS == 4)) { + } else if ((aes_keycols > 6) && (idx % aes_keycols == 4)) { tmp0 = sbox[tmp0]; tmp1 = sbox[tmp1]; tmp2 = sbox[tmp2]; tmp3 = sbox[tmp3]; }

- expkey[4*idx+0] = expkey[4*idx - 4*AES_KEYCOLS + 0] ^ tmp0; - expkey[4*idx+1] = expkey[4*idx - 4*AES_KEYCOLS + 1] ^ tmp1; - expkey[4*idx+2] = expkey[4*idx - 4*AES_KEYCOLS + 2] ^ tmp2; - expkey[4*idx+3] = expkey[4*idx - 4*AES_KEYCOLS + 3] ^ tmp3; + expkey[4*idx+0] = expkey[4*idx - 4*aes_keycols + 0] ^ tmp0; + expkey[4*idx+1] = expkey[4*idx - 4*aes_keycols + 1] ^ tmp1; + expkey[4*idx+2] = expkey[4*idx - 4*aes_keycols + 2] ^ tmp2; + expkey[4*idx+3] = expkey[4*idx - 4*aes_keycols + 3] ^ tmp3; } }

/* encrypt one 128 bit block */ -void aes_encrypt(u8 *in, u8 *expkey, u8 *out) +void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) { u8 state[AES_STATECOLS * 4]; - u32 round; + u32 round, aes_rounds; + + aes_rounds = aes_get_rounds(key_len);

memcpy(state, in, AES_STATECOLS * 4); add_round_key((u32 *)state, (u32 *)expkey);

- for (round = 1; round < AES_ROUNDS + 1; round++) { - if (round < AES_ROUNDS) + for (round = 1; round < aes_rounds + 1; round++) { + if (round < aes_rounds) mix_sub_columns(state); else shift_rows(state); @@ -563,18 +592,20 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out) memcpy(out, state, sizeof(state)); }

-void aes_decrypt(u8 *in, u8 *expkey, u8 *out) +void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) { u8 state[AES_STATECOLS * 4]; - int round; + int round, aes_rounds; + + aes_rounds = aes_get_rounds(key_len);

memcpy(state, in, sizeof(state));

add_round_key((u32 *)state, - (u32 *)expkey + AES_ROUNDS * AES_STATECOLS); + (u32 *)expkey + aes_rounds * AES_STATECOLS); inv_shift_rows(state);

- for (round = AES_ROUNDS; round--; ) { + for (round = aes_rounds; round--; ) { add_round_key((u32 *)state, (u32 *)expkey + round * AES_STATECOLS); if (round) @@ -600,7 +631,7 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) *dst++ = *src++ ^ *cbc_chain_data++; }

-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { u8 tmp_data[AES_BLOCK_LENGTH]; @@ -616,7 +647,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);

/* Encrypt the AES block */ - aes_encrypt(tmp_data, key_exp, dst); + aes_encrypt(key_len, tmp_data, key_exp, dst); debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst);

/* Update pointers for next loop. */ @@ -626,7 +657,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, } }

-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH]; @@ -642,7 +673,7 @@ void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, memcpy(tmp_block, src, AES_BLOCK_LENGTH);

/* Decrypt the AES block */ - aes_decrypt(src, key_exp, tmp_data); + aes_decrypt(key_len, src, key_exp, tmp_data); debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data);

/* Apply the chain data */

-- 2.7.4

Philippe Reynes

6:48 p.m.

New subject: [U-Boot] [PATCH 3/4] tegra20: crypto: update code to use new aes api

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- arch/arm/mach-tegra/tegra20/crypto.c | 41 +++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/arch/arm/mach-tegra/tegra20/crypto.c b/arch/arm/mach-tegra/tegra20/crypto.c index 66fbc3b..b91191e 100644 --- a/arch/arm/mach-tegra/tegra20/crypto.c +++ b/arch/arm/mach-tegra/tegra20/crypto.c @@ -39,34 +39,35 @@ static void left_shift_vector(u8 *in, u8 *out, int size) /** * Sign a block of data, putting the result into dst. * - * \param key Input AES key, length AES_KEY_LENGTH + * \param key Input AES key, length AES128_KEY_LENGTH * \param key_schedule Expanded key to use * \param src Source data of length 'num_aes_blocks' blocks - * \param dst Destination buffer, length AES_KEY_LENGTH + * \param dst Destination buffer, length AES128_KEY_LENGTH * \param num_aes_blocks Number of AES blocks to encrypt */ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, u32 num_aes_blocks) { - u8 tmp_data[AES_KEY_LENGTH]; - u8 iv[AES_KEY_LENGTH] = {0}; - u8 left[AES_KEY_LENGTH]; - u8 k1[AES_KEY_LENGTH]; + u8 tmp_data[AES128_KEY_LENGTH]; + u8 iv[AES128_KEY_LENGTH] = {0}; + u8 left[AES128_KEY_LENGTH]; + u8 k1[AES128_KEY_LENGTH]; u8 *cbc_chain_data; unsigned i;

cbc_chain_data = zero_key; /* Convenient array of 0's for IV */

/* compute K1 constant needed by AES-CMAC calculation */ - for (i = 0; i < AES_KEY_LENGTH; i++) + for (i = 0; i < AES128_KEY_LENGTH; i++) tmp_data[i] = 0;

- aes_cbc_encrypt_blocks(key_schedule, iv, tmp_data, left, 1); + aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, + tmp_data, left, 1);

left_shift_vector(left, k1, sizeof(left));

if ((left[0] >> 7) != 0) /* get MSB of L */ - k1[AES_KEY_LENGTH-1] ^= AES_CMAC_CONST_RB; + k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;

/* compute the AES-CMAC value */ for (i = 0; i < num_aes_blocks; i++) { @@ -78,31 +79,32 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, aes_apply_cbc_chain_data(tmp_data, k1, tmp_data);

/* encrypt the AES block */ - aes_encrypt(tmp_data, key_schedule, dst); + aes_encrypt(AES128_KEY_LENGTH, tmp_data, + key_schedule, dst);

debug("sign_obj: block %d of %d\n", i, num_aes_blocks);

/* Update pointers for next loop. */ cbc_chain_data = dst; - src += AES_KEY_LENGTH; + src += AES128_KEY_LENGTH; } }

/** * Encrypt and sign a block of data (depending on security mode). * - * \param key Input AES key, length AES_KEY_LENGTH + * \param key Input AES key, length AES128_KEY_LENGTH * \param oper Security operations mask to perform (enum security_op) * \param src Source data * \param length Size of source data - * \param sig_dst Destination address for signature, AES_KEY_LENGTH bytes + * \param sig_dst Destination address for signature, AES128_KEY_LENGTH bytes */ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, u32 length, u8 *sig_dst) { u32 num_aes_blocks; - u8 key_schedule[AES_EXPAND_KEY_LENGTH]; - u8 iv[AES_KEY_LENGTH] = {0}; + u8 key_schedule[AES128_EXPAND_KEY_LENGTH]; + u8 iv[AES128_KEY_LENGTH] = {0};

debug("encrypt_and_sign: length = %d\n", length);

@@ -110,15 +112,16 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, * The only need for a key is for signing/checksum purposes, so * if not encrypting, expand a key of 0s. */ - aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, key_schedule); + aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, + AES128_KEY_LENGTH, key_schedule);

- num_aes_blocks = (length + AES_KEY_LENGTH - 1) / AES_KEY_LENGTH; + num_aes_blocks = (length + AES128_KEY_LENGTH - 1) / AES128_KEY_LENGTH;

if (oper & SECURITY_ENCRYPT) { /* Perform this in place, resulting in src being encrypted. */ debug("encrypt_and_sign: begin encryption\n"); - aes_cbc_encrypt_blocks(key_schedule, iv, src, src, - num_aes_blocks); + aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src, + src, num_aes_blocks); debug("encrypt_and_sign: end encryption\n"); }

-- 2.7.4

Philippe Reynes

6:48 p.m.

New subject: [U-Boot] [PATCH 4/4] pytest: aes: add test for aes192 and aes256

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com --- test/py/tests/aes/key192.bin | 1 + test/py/tests/aes/key256.bin | 1 + test/py/tests/test_aes.py | 54 +++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 test/py/tests/aes/key192.bin create mode 100644 test/py/tests/aes/key256.bin

diff --git a/test/py/tests/aes/key192.bin b/test/py/tests/aes/key192.bin new file mode 100644 index 0000000..9165c3f --- /dev/null +++ b/test/py/tests/aes/key192.bin @@ -0,0 +1 @@ +T��a�3��2D8�aL��'( \ No newline at end of file diff --git a/test/py/tests/aes/key256.bin b/test/py/tests/aes/key256.bin new file mode 100644 index 0000000..4d9c6ab --- /dev/null +++ b/test/py/tests/aes/key256.bin @@ -0,0 +1 @@ +��x��QC֤o��n��h!�a/噧8�U \ No newline at end of file diff --git a/test/py/tests/test_aes.py b/test/py/tests/test_aes.py index 408bd77..baf410e 100644 --- a/test/py/tests/test_aes.py +++ b/test/py/tests/test_aes.py @@ -21,7 +21,7 @@ def test_aes(u_boot_console):

# Send a command with no argument ... output = cons.run_command('aes') - assert('AES 128 CBC encryption' in ''.join(output)) + assert('AES 128/192/256 CBC encryption' in ''.join(output))

# Load file from host output = cons.run_command('host load hostfs - 1000 %skey128.bin' % datadir) @@ -46,3 +46,55 @@ def test_aes(u_boot_console):

output = cons.run_command('cmp.b 3000 5000 0x20') assert('Total of 32 byte(s) were the same' in ''.join(output)) + + # + # Load file from host + # + output = cons.run_command('host load hostfs - 1000 %skey192.bin' % datadir) + assert('24 bytes read' in ''.join(output)) + output = cons.run_command('host load hostfs - 2000 %siv128.bin' % datadir) + assert('16 bytes read' in ''.join(output)) + output = cons.run_command('host load hostfs - 3000 %splaintext.bin' % datadir) + assert('32 bytes read' in ''.join(output)) + + output = cons.run_command('md.b 3000 0x20') + + output = cons.run_command('aes.192 enc 1000 2000 3000 4000 0x20') + + output = cons.run_command('cmp.b 3000 4000 0x20') + assert('Total of 0 byte(s) were the same' in ''.join(output)) + + output = cons.run_command('md.b 4000 0x20') + + output = cons.run_command('aes.192 dec 1000 2000 4000 5000 0x20') + + output = cons.run_command('md.b 5000 0x20') + + output = cons.run_command('cmp.b 3000 5000 0x20') + assert('Total of 32 byte(s) were the same' in ''.join(output)) + + # + # Load file from host + # + output = cons.run_command('host load hostfs - 1000 %skey256.bin' % datadir) + assert('32 bytes read' in ''.join(output)) + output = cons.run_command('host load hostfs - 2000 %siv128.bin' % datadir) + assert('16 bytes read' in ''.join(output)) + output = cons.run_command('host load hostfs - 3000 %splaintext.bin' % datadir) + assert('32 bytes read' in ''.join(output)) + + output = cons.run_command('md.b 3000 0x20') + + output = cons.run_command('aes.256 enc 1000 2000 3000 4000 0x20') + + output = cons.run_command('cmp.b 3000 4000 0x20') + assert('Total of 0 byte(s) were the same' in ''.join(output)) + + output = cons.run_command('md.b 4000 0x20') + + output = cons.run_command('aes.256 dec 1000 2000 4000 5000 0x20') + + output = cons.run_command('md.b 5000 0x20') + + output = cons.run_command('cmp.b 3000 5000 0x20') + assert('Total of 32 byte(s) were the same' in ''.join(output))

-- 2.7.4

2025

Age (days ago)

2053

Last active (days ago)

List overview

Download

5 comments

2 participants

tags (0)

participants (2)

Philippe Reynes
Simon Glass