Message ID | 1391658280-24709-2-git-send-email-marex@denx.de |
---|---|
State | Changes Requested |
Delegated to: | Tom Rini |
Headers | show |
Hi Marek, On 5 February 2014 20:44, Marek Vasut <marex@denx.de> wrote: > Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c > into lib/aes.c . This is well re-usable common code. Moreover, clean the code up > a bit and fix the kerneldoc-style annotations. > > Signed-off-by: Marek Vasut <marex@denx.de> > --- > arch/arm/cpu/tegra20-common/crypto.c | 72 +----------------------------------- > include/aes.h | 10 +++++ > lib/aes.c | 59 +++++++++++++++++++++++++++++ > 3 files changed, 71 insertions(+), 70 deletions(-) > > diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c > index 8209f76..b18e67c 100644 > --- a/arch/arm/cpu/tegra20-common/crypto.c > +++ b/arch/arm/cpu/tegra20-common/crypto.c > @@ -19,74 +19,6 @@ enum security_op { > SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */ > }; > > -static void debug_print_vector(char *name, u32 num_bytes, u8 *data) > -{ > - u32 i; > - > - debug("%s [%d] @0x%08x", name, num_bytes, (u32)data); > - for (i = 0; i < num_bytes; i++) { > - if (i % 16 == 0) > - debug(" = "); > - debug("%02x", data[i]); > - if ((i+1) % 16 != 0) > - debug(" "); > - } > - debug("\n"); > -} > - > -/** > - * Apply chain data to the destination using EOR > - * > - * Each array is of length AES_AES_KEY_LENGTH. AES_KEY_LENGTH > - * > - * \param cbc_chain_data Chain data > - * \param src Source data > - * \param dst Destination data, which is modified here > - */ > -static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) > -{ > - int i; > - > - for (i = 0; i < 16; i++) AES_KEY_LENGTH? > - *dst++ = *src++ ^ *cbc_chain_data++; > -} > - > -/** > - * Encrypt some data with AES. > - * > - * \param key_schedule Expanded key to use > - * \param src Source data to encrypt > - * \param dst Destination buffer > - * \param num_aes_blocks Number of AES blocks to encrypt > - */ > -static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst, > - u32 num_aes_blocks) > -{ > - u8 tmp_data[AES_KEY_LENGTH]; > - u8 *cbc_chain_data; > - u32 i; > - > - cbc_chain_data = zero_key; /* Convenient array of 0's for IV */ > - > - for (i = 0; i < num_aes_blocks; i++) { > - debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); > - debug_print_vector("AES Src", AES_KEY_LENGTH, src); > - > - /* Apply the chain data */ > - apply_cbc_chain_data(cbc_chain_data, src, tmp_data); > - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); > - > - /* encrypt the AES block */ > - aes_encrypt(tmp_data, key_schedule, dst); > - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); > - > - /* Update pointers for next loop. */ > - cbc_chain_data = dst; > - src += AES_KEY_LENGTH; > - dst += AES_KEY_LENGTH; > - } > -} > - > /** > * Shift a vector left by one bit > * > @@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, > for (i = 0; i < AES_KEY_LENGTH; i++) > tmp_data[i] = 0; > > - encrypt_object(key_schedule, tmp_data, left, 1); > + aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1); > debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left); > > left_shift_vector(left, k1, sizeof(left)); > @@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, > if (oper & SECURITY_ENCRYPT) { > /* Perform this in place, resulting in src being encrypted. */ > debug("encrypt_and_sign: begin encryption\n"); > - encrypt_object(key_schedule, src, src, num_aes_blocks); > + aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks); > debug("encrypt_and_sign: end encryption\n"); > } > > diff --git a/include/aes.h b/include/aes.h > index c70eda6..d9bb387 100644 > --- a/include/aes.h > +++ b/include/aes.h > @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out); > */ > void aes_decrypt(u8 *in, u8 *expkey, u8 *out); > > +/** > + * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. > + * > + * @key_exp Expanded key to use > + * @src Source data to encrypt > + * @dst Destination buffer > + * @num_aes_blocks Number of AES blocks to encrypt > + */ > +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); > + > #endif /* _AES_REF_H_ */ > diff --git a/lib/aes.c b/lib/aes.c > index e996b27..4df5dae 100644 > --- a/lib/aes.c > +++ b/lib/aes.c > @@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out) > > memcpy(out, state, sizeof(state)); > } > + > +static void debug_print_vector(char *name, u32 num_bytes, u8 *data) > +{ > + u32 i; > + > + debug("%s [%d] @0x%08x", name, num_bytes, (u32)data); > + for (i = 0; i < num_bytes; i++) { > + if (i % 16 == 0) > + debug(" = "); > + debug("%02x", data[i]); > + if ((i+1) % 16 != 0) > + debug(" "); > + } > + debug("\n"); Can we use print_buffer() here? > +} > + > +/** > + * Apply chain data to the destination using EOR > + * > + * Each array is of length AES_AES_KEY_LENGTH. > + * > + * @cbc_chain_data Chain data > + * @src Source data > + * @dst Destination data, which is modified here > + */ > +static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) > +{ > + int i; > + > + for (i = 0; i < 16; i++) > + *dst++ = *src++ ^ *cbc_chain_data++; > +} > + > +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks) > +{ > + u8 zero_key[AES_KEY_LENGTH] = { 0 }; > + u8 tmp_data[AES_KEY_LENGTH]; > + /* Convenient array of 0's for IV */ > + u8 *cbc_chain_data = zero_key; > + u32 i; > + > + for (i = 0; i < num_aes_blocks; i++) { > + debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); > + debug_print_vector("AES Src", AES_KEY_LENGTH, src); > + > + /* Apply the chain data */ > + apply_cbc_chain_data(cbc_chain_data, src, tmp_data); > + debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); > + > + /* Encrypt the AES block */ > + aes_encrypt(tmp_data, key_exp, dst); > + debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); > + > + /* Update pointers for next loop. */ > + cbc_chain_data = dst; > + src += AES_KEY_LENGTH; > + dst += AES_KEY_LENGTH; > + } > +} > -- > 1.8.5.3 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot Regards, Simon
On Sunday, February 16, 2014 at 12:30:54 AM, Simon Glass wrote: > Hi Marek, > > On 5 February 2014 20:44, Marek Vasut <marex@denx.de> wrote: > > Move the AES-128-CBC encryption function implemented in > > tegra20-common/crypto.c into lib/aes.c . This is well re-usable common > > code. Moreover, clean the code up a bit and fix the kerneldoc-style > > annotations. > > > > Signed-off-by: Marek Vasut <marex@denx.de> Fixed all and V2 is out, thanks! Best regards, Marek Vasut
diff --git a/arch/arm/cpu/tegra20-common/crypto.c b/arch/arm/cpu/tegra20-common/crypto.c index 8209f76..b18e67c 100644 --- a/arch/arm/cpu/tegra20-common/crypto.c +++ b/arch/arm/cpu/tegra20-common/crypto.c @@ -19,74 +19,6 @@ enum security_op { SECURITY_ENCRYPT = 1 << 1, /* Encrypt the data */ }; -static void debug_print_vector(char *name, u32 num_bytes, u8 *data) -{ - u32 i; - - debug("%s [%d] @0x%08x", name, num_bytes, (u32)data); - for (i = 0; i < num_bytes; i++) { - if (i % 16 == 0) - debug(" = "); - debug("%02x", data[i]); - if ((i+1) % 16 != 0) - debug(" "); - } - debug("\n"); -} - -/** - * Apply chain data to the destination using EOR - * - * Each array is of length AES_AES_KEY_LENGTH. - * - * \param cbc_chain_data Chain data - * \param src Source data - * \param dst Destination data, which is modified here - */ -static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) -{ - int i; - - for (i = 0; i < 16; i++) - *dst++ = *src++ ^ *cbc_chain_data++; -} - -/** - * Encrypt some data with AES. - * - * \param key_schedule Expanded key to use - * \param src Source data to encrypt - * \param dst Destination buffer - * \param num_aes_blocks Number of AES blocks to encrypt - */ -static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst, - u32 num_aes_blocks) -{ - u8 tmp_data[AES_KEY_LENGTH]; - u8 *cbc_chain_data; - u32 i; - - cbc_chain_data = zero_key; /* Convenient array of 0's for IV */ - - for (i = 0; i < num_aes_blocks; i++) { - debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); - debug_print_vector("AES Src", AES_KEY_LENGTH, src); - - /* Apply the chain data */ - apply_cbc_chain_data(cbc_chain_data, src, tmp_data); - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); - - /* encrypt the AES block */ - aes_encrypt(tmp_data, key_schedule, dst); - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); - - /* Update pointers for next loop. */ - cbc_chain_data = dst; - src += AES_KEY_LENGTH; - dst += AES_KEY_LENGTH; - } -} - /** * Shift a vector left by one bit * @@ -129,7 +61,7 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, for (i = 0; i < AES_KEY_LENGTH; i++) tmp_data[i] = 0; - encrypt_object(key_schedule, tmp_data, left, 1); + aes_cbc_encrypt_blocks(key_schedule, tmp_data, left, 1); debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left); left_shift_vector(left, k1, sizeof(left)); @@ -193,7 +125,7 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, if (oper & SECURITY_ENCRYPT) { /* Perform this in place, resulting in src being encrypted. */ debug("encrypt_and_sign: begin encryption\n"); - encrypt_object(key_schedule, src, src, num_aes_blocks); + aes_cbc_encrypt_blocks(key_schedule, src, src, num_aes_blocks); debug("encrypt_and_sign: end encryption\n"); } diff --git a/include/aes.h b/include/aes.h index c70eda6..d9bb387 100644 --- a/include/aes.h +++ b/include/aes.h @@ -53,4 +53,14 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out); */ void aes_decrypt(u8 *in, u8 *expkey, u8 *out); +/** + * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. + * + * @key_exp Expanded key to use + * @src Source data to encrypt + * @dst Destination buffer + * @num_aes_blocks Number of AES blocks to encrypt + */ +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); + #endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index e996b27..4df5dae 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -580,3 +580,62 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out) memcpy(out, state, sizeof(state)); } + +static void debug_print_vector(char *name, u32 num_bytes, u8 *data) +{ + u32 i; + + debug("%s [%d] @0x%08x", name, num_bytes, (u32)data); + for (i = 0; i < num_bytes; i++) { + if (i % 16 == 0) + debug(" = "); + debug("%02x", data[i]); + if ((i+1) % 16 != 0) + debug(" "); + } + debug("\n"); +} + +/** + * Apply chain data to the destination using EOR + * + * Each array is of length AES_AES_KEY_LENGTH. + * + * @cbc_chain_data Chain data + * @src Source data + * @dst Destination data, which is modified here + */ +static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) +{ + int i; + + for (i = 0; i < 16; i++) + *dst++ = *src++ ^ *cbc_chain_data++; +} + +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks) +{ + u8 zero_key[AES_KEY_LENGTH] = { 0 }; + u8 tmp_data[AES_KEY_LENGTH]; + /* Convenient array of 0's for IV */ + u8 *cbc_chain_data = zero_key; + u32 i; + + for (i = 0; i < num_aes_blocks; i++) { + debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); + debug_print_vector("AES Src", AES_KEY_LENGTH, src); + + /* Apply the chain data */ + apply_cbc_chain_data(cbc_chain_data, src, tmp_data); + debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + + /* Encrypt the AES block */ + aes_encrypt(tmp_data, key_exp, dst); + debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + + /* Update pointers for next loop. */ + cbc_chain_data = dst; + src += AES_KEY_LENGTH; + dst += AES_KEY_LENGTH; + } +}
Move the AES-128-CBC encryption function implemented in tegra20-common/crypto.c into lib/aes.c . This is well re-usable common code. Moreover, clean the code up a bit and fix the kerneldoc-style annotations. Signed-off-by: Marek Vasut <marex@denx.de> --- arch/arm/cpu/tegra20-common/crypto.c | 72 +----------------------------------- include/aes.h | 10 +++++ lib/aes.c | 59 +++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 70 deletions(-)