[U-Boot] [PATCH 1/4] aes: Fix kerneldoc for aes.h
Fix the function annotations in aes.h so they're compatible with kerneldoc.
Signed-off-by: Marek Vasut marex@denx.de --- include/aes.h | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/include/aes.h b/include/aes.h index ea06308..c70eda6 100644 --- a/include/aes.h +++ b/include/aes.h @@ -25,29 +25,31 @@ enum { };
/** + * aes_expand_key() - Expand the AES key + * * Expand a key into a key schedule, which is then used for the other * operations. * - * \param key Key, of length AES_KEY_LENGTH bytes - * \param expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH + * @key Key, of length AES_KEY_LENGTH bytes + * @expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH */ void aes_expand_key(u8 *key, u8 *expkey);
/** - * Encrypt a single block of data + * aes_encrypt() - Encrypt single block of data with AES 128 * - * in Input data - * expkey Expanded key to use for encryption (from aes_expand_key()) - * out Output data + * @in Input data + * @expkey Expanded key to use for encryption (from aes_expand_key()) + * @out Output data */ void aes_encrypt(u8 *in, u8 *expkey, u8 *out);
/** - * Decrypt a single block of data + * aes_decrypt() - Decrypt single block of data with AES 128 * - * in Input data - * expkey Expanded key to use for decryption (from aes_expand_key()) - * out Output data + * @in Input data + * @expkey Expanded key to use for decryption (from aes_expand_key()) + * @out Output data */ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c into lib/aes.c . This is well re-usable common code. Moreover, clean the code up a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut marex@denx.de --- arch/arm/cpu/tegra20-common/crypto.c | 72 +----------------------------------- include/aes.h | 10 +++++ lib/aes.c | 52 ++++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 70 deletions(-)
V2: Replace AES_AES_KEY_LENGTH with AES_KEY_LENGTH Use print_buffer() instead of ad-hoc implementation
diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c index 8209f76..b18e67c 100644 --- a/arch/arm/cpu/tegra20-common/crypto.c +++ b/arch/arm/cpu/tegra20-common/crypto.c @@ -19,74 +19,6 @@ enum security_op { SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */ };
-static void debug_print_vector(char *name, u32 num_bytes, u8 *data) -{ - u32 i; - - debug("%s [%d] @0x%08x", name, num_bytes, (u32)data); - for (i = 0; i < num_bytes; i++) { - if (i % 16 == 0) - debug(" = "); - debug("%02x", data[i]); - if ((i+1) % 16 != 0) - debug(" "); - } - debug("\n"); -} - -/** - * Apply chain data to the destination using EOR - * - * Each array is of length AES_AES_KEY_LENGTH. - * - * \param cbc_chain_data Chain data - * \param src Source data - * \param dst Destination data, which is modified here - */ -static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) -{ - int i; - - for (i = 0; i < 16; i++) - *dst++ = *src++ ^ *cbc_chain_data++; -} - -/** - * Encrypt some data with AES. - * - * \param key_schedule Expanded key to use - * \param src Source data to encrypt - * \param dst Destination buffer - * \param num_aes_blocks Number of AES blocks to encrypt - */ -static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst, - u32 num_aes_blocks) -{ - u8 tmp_data[AES_KEY_LENGTH]; - u8 *cbc_chain_data; - u32 i; - - cbc_chain_data = zero_key; /* Convenient array of 0's for IV */ - - for (i = 0; i < num_aes_blocks; i++) { - debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); - debug_print_vector("AES Src", AES_KEY_LENGTH, src); - - /* Apply the chain data */ - apply_cbc_chain_data(cbc_chain_data, src, tmp_data); - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); - - /* encrypt the AES block */ - aes_encrypt(tmp_data, key_schedule, dst); - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); - - /* Update pointers for next loop. */ - cbc_chain_data = dst; - src += AES_KEY_LENGTH; - dst += AES_KEY_LENGTH; - } -} - /** * Shift a vector left by one bit * @@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, for (i = 0; i < AES_KEY_LENGTH; i++) tmp_data[i] = 0;
- encrypt_object(key_schedule, tmp_data, left, 1); + aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1); debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
left_shift_vector(left, k1, sizeof(left)); @@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, if (oper & SECURITY_ENCRYPT) { /* Perform this in place, resulting in src being encrypted. */ debug("encrypt_and_sign: begin encryption\n"); - encrypt_object(key_schedule, src, src, num_aes_blocks); + aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks); debug("encrypt_and_sign: end encryption\n"); }
diff --git a/include/aes.h b/include/aes.h index c70eda6..d9bb387 100644 --- a/include/aes.h +++ b/include/aes.h @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out); */ void aes_decrypt(u8 *in, u8 *expkey, u8 *out);
+/** + * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. + * + * @key_exp Expanded key to use + * @src Source data to encrypt + * @dst Destination buffer + * @num_aes_blocks Number of AES blocks to encrypt + */ +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); + #endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index e996b27..a6648f9 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -580,3 +580,55 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out)
memcpy(out, state, sizeof(state)); } + +static void debug_print_vector(char *name, u32 num_bytes, u8 *data) +{ +#ifdef DEBUG + printf("%s [%d] @0x%08x", name, num_bytes, (u32)data); + print_buffer(0, data, 1, num_bytes, 16); +#endif +} + +/** + * Apply chain data to the destination using EOR + * + * Each array is of length AES_KEY_LENGTH. + * + * @cbc_chain_data Chain data + * @src Source data + * @dst Destination data, which is modified here + */ +static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) +{ + int i; + + for (i = 0; i < AES_KEY_LENGTH; i++) + *dst++ = *src++ ^ *cbc_chain_data++; +} + +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks) +{ + u8 zero_key[AES_KEY_LENGTH] = { 0 }; + u8 tmp_data[AES_KEY_LENGTH]; + /* Convenient array of 0's for IV */ + u8 *cbc_chain_data = zero_key; + u32 i; + + for (i = 0; i < num_aes_blocks; i++) { + debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); + debug_print_vector("AES Src", AES_KEY_LENGTH, src); + + /* Apply the chain data */ + apply_cbc_chain_data(cbc_chain_data, src, tmp_data); + debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + + /* Encrypt the AES block */ + aes_encrypt(tmp_data, key_exp, dst); + debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + + /* Update pointers for next loop. */ + cbc_chain_data = dst; + src += AES_KEY_LENGTH; + dst += AES_KEY_LENGTH; + } +}
On Wed, Mar 05, 2014 at 07:58:37PM +0100, Marek Vasut wrote:
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c into lib/aes.c . This is well re-usable common code. Moreover, clean the code up a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut marex@denx.de
Applied to u-boot/next (with a reword to rewrap), thanks!
On 03/27/2014 10:59 AM, Tom Rini wrote:
On Wed, Mar 05, 2014 at 07:58:37PM +0100, Marek Vasut wrote:
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c into lib/aes.c . This is well re-usable common code. Moreover, clean the code up a bit and fix the kerneldoc-style annotations.
Signed-off-by: Marek Vasut marex@denx.de
Applied to u-boot/next (with a reword to rewrap), thanks!
BTW, this breaks compilation on NVIDIA Tegra Seaboard.
Tom R fixed most of the issue with "ARM:tegra20: Remove aes debug prints", but the following still remains:
arch/arm/cpu/tegra20-common/crypto.c: In function ‘sign_object’: arch/arm/cpu/tegra20-common/crypto.c:74:3: warning: implicit declaration of function ‘apply_cbc_chain_data’ [-Wimplicit-function-declaration] arch/arm/cpu/tegra20-common/crypto.c: In function ‘sign_object’: arch/arm/cpu/tegra20-common/crypto.c:74:3: warning: implicit declaration of function ‘apply_cbc_chain_data’ [-Wimplicit-function-declaration] arch/arm/cpu/built-in.o: In function `sign_object': .../arch/arm/cpu/tegra20-common/crypto.c:74: undefined reference to `apply_cbc_chain_data' .../arch/arm/cpu/tegra20-common/crypto.c:78: undefined reference to `apply_cbc_chain_data'
Implement a compatible AES-128-CBC decryption function as a counterpart of the encryption function pulled from tegra20-common/crypto.c .
Signed-off-by: Marek Vasut marex@denx.de --- include/aes.h | 10 ++++++++++ lib/aes.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+)
diff --git a/include/aes.h b/include/aes.h index d9bb387..4897e6f 100644 --- a/include/aes.h +++ b/include/aes.h @@ -63,4 +63,14 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out); */ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+/** + * Decrypt multiple blocks of data with AES CBC. + * + * @key_exp Expanded key to use + * @src Source data to decrypt + * @dst Destination buffer + * @num_aes_blocks Number of AES blocks to decrypt + */ +void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); + #endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index a6648f9..9dadb22 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -632,3 +632,31 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks) dst += AES_KEY_LENGTH; } } + +void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks) +{ + u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH]; + /* Convenient array of 0's for IV */ + u8 cbc_chain_data[AES_KEY_LENGTH] = { 0 }; + u32 i; + + for (i = 0; i < num_aes_blocks; i++) { + debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); + debug_print_vector("AES Src", AES_KEY_LENGTH, src); + + memcpy(tmp_block, src, AES_KEY_LENGTH); + + /* Decrypt the AES block */ + aes_decrypt(src, key_exp, tmp_data); + debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + + /* Apply the chain data */ + apply_cbc_chain_data(cbc_chain_data, tmp_data, dst); + debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + + /* Update pointers for next loop. */ + memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH); + src += AES_KEY_LENGTH; + dst += AES_KEY_LENGTH; + } +}
On Wed, Mar 05, 2014 at 07:58:38PM +0100, Marek Vasut wrote:
Implement a compatible AES-128-CBC decryption function as a counterpart of the encryption function pulled from tegra20-common/crypto.c .
Signed-off-by: Marek Vasut marex@denx.de
Applied to u-boot/next, thanks!
Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line.
Signed-off-by: Marek Vasut marex@denx.de --- README | 1 + common/Makefile | 1 + common/cmd_aes.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 common/cmd_aes.c
diff --git a/README b/README index 216f0c7..fd717bf 100644 --- a/README +++ b/README @@ -910,6 +910,7 @@ The following options need to be configured: The default command configuration includes all commands except those marked below with a "*".
+ CONFIG_CMD_AES AES 128 CBC encrypt/decrypt CONFIG_CMD_ASKENV * ask for env variable CONFIG_CMD_BDI bdinfo CONFIG_CMD_BEDBUG * Include BedBug Debugger diff --git a/common/Makefile b/common/Makefile index 04e9cdd..622f7bb 100644 --- a/common/Makefile +++ b/common/Makefile @@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
# command +obj-$(CONFIG_CMD_AES) += cmd_aes.o obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o obj-$(CONFIG_SOURCE) += cmd_source.o obj-$(CONFIG_CMD_SOURCE) += cmd_source.o diff --git a/common/cmd_aes.c b/common/cmd_aes.c new file mode 100644 index 0000000..76da3ef --- /dev/null +++ b/common/cmd_aes.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2014 Marek Vasut marex@denx.de + * + * Command for en/de-crypting block of memory with AES-128-CBC cipher. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <command.h> +#include <environment.h> +#include <aes.h> +#include <malloc.h> +#include <asm/byteorder.h> +#include <linux/compiler.h> + +DECLARE_GLOBAL_DATA_PTR; + +/** + * do_aes() - Handle the "aes" command-line command + * @cmdtp: Command data struct pointer + * @flag: Command flag + * @argc: Command-line argument count + * @argv: Array of command-line arguments + * + * Returns zero on success, CMD_RET_USAGE in case of misuse and negative + * on error. + */ +static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) +{ + uint32_t key_addr, src_addr, dst_addr, len; + uint8_t *key_ptr, *src_ptr, *dst_ptr; + uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; + uint32_t aes_blocks; + int enc; + + if (argc != 6) + return CMD_RET_USAGE; + + if (!strncmp(argv[1], "enc", 3)) + enc = 1; + else if (!strncmp(argv[1], "dec", 3)) + enc = 0; + else + return CMD_RET_USAGE; + + key_addr = simple_strtoul(argv[2], NULL, 16); + src_addr = simple_strtoul(argv[3], NULL, 16); + dst_addr = simple_strtoul(argv[4], NULL, 16); + len = simple_strtoul(argv[5], NULL, 16); + + key_ptr = (uint8_t *)key_addr; + src_ptr = (uint8_t *)src_addr; + dst_ptr = (uint8_t *)dst_addr; + + /* First we expand the key. */ + aes_expand_key(key_ptr, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + + if (enc) + aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + + return 0; +} + +/***************************************************/ +#ifdef CONFIG_SYS_LONGHELP +static char aes_help_text[] = + "enc key src dst len - Encrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key and store the result at address\n" + " $dst. The $len size must be multiple of\n" + " 16 bytes and $key must be 16 bytes long.\n" + "aes dec key src dst len - Decrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key and store the result at address\n" + " $dst. The $len size must be multiple of\n" + " 16 bytes and $key must be 16 bytes long."; +#endif + +U_BOOT_CMD( + aes, 6, 1, do_aes, + "AES 128 CBC encryption", + aes_help_text +);
On Wed, Mar 05, 2014 at 07:58:39PM +0100, Marek Vasut wrote:
Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line.
Signed-off-by: Marek Vasut marex@denx.de
Applied to u-boot/next, thanks!
On Wed, Mar 05, 2014 at 07:58:36PM +0100, Marek Vasut wrote:
Fix the function annotations in aes.h so they're compatible with kerneldoc.
Signed-off-by: Marek Vasut marex@denx.de
Applied to u-boot/next, thanks!
participants (3)
-
Marek Vasut -
Stephen Warren -
Tom Rini