From af09eba64f808946c6c901436e7dfabd17a11498 Mon Sep 17 00:00:00 2001 From: Андрей Мозжухин Date: Wed, 3 Jan 2018 15:43:56 +0300 Subject: aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin --- cmd/aes.c | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) (limited to 'cmd') diff --git a/cmd/aes.c b/cmd/aes.c index ee1ae13c06e..9d1a740beea 100644 --- a/cmd/aes.c +++ b/cmd/aes.c @@ -28,13 +28,13 @@ DECLARE_GLOBAL_DATA_PTR; */ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { - uint32_t key_addr, src_addr, dst_addr, len; - uint8_t *key_ptr, *src_ptr, *dst_ptr; + uint32_t key_addr, iv_addr, src_addr, dst_addr, len; + uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr; uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; uint32_t aes_blocks; int enc; - if (argc != 6) + if (argc != 7) return CMD_RET_USAGE; if (!strncmp(argv[1], "enc", 3)) @@ -45,11 +45,13 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) return CMD_RET_USAGE; key_addr = simple_strtoul(argv[2], NULL, 16); - src_addr = simple_strtoul(argv[3], NULL, 16); - dst_addr = simple_strtoul(argv[4], NULL, 16); - len = simple_strtoul(argv[5], NULL, 16); + iv_addr = simple_strtoul(argv[3], NULL, 16); + src_addr = simple_strtoul(argv[4], NULL, 16); + dst_addr = simple_strtoul(argv[5], NULL, 16); + len = simple_strtoul(argv[6], NULL, 16); key_ptr = (uint8_t *)key_addr; + iv_ptr = (uint8_t *)iv_addr; src_ptr = (uint8_t *)src_addr; dst_ptr = (uint8_t *)dst_addr; @@ -60,9 +62,11 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); if (enc) - aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, + aes_blocks); else - aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + aes_cbc_decrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, + aes_blocks); return 0; } @@ -70,20 +74,22 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) /***************************************************/ #ifdef CONFIG_SYS_LONGHELP static char aes_help_text[] = - "enc key src dst len - Encrypt block of data $len bytes long\n" - " at address $src using a key at address\n" - " $key and store the result at address\n" - " $dst. The $len size must be multiple of\n" - " 16 bytes and $key must be 16 bytes long.\n" - "aes dec key src dst len - Decrypt block of data $len bytes long\n" - " at address $src using a key at address\n" - " $key and store the result at address\n" - " $dst. The $len size must be multiple of\n" - " 16 bytes and $key must be 16 bytes long."; + "enc key iv src dst len - Encrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key with initialization vector at address\n" + " $iv. Store the result at address $dst.\n" + " The $len size must be multiple of 16 bytes.\n" + " The $key and $iv must be 16 bytes long.\n" + "aes dec key iv src dst len - Decrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key with initialization vector at address\n" + " $iv. Store the result at address $dst.\n" + " The $len size must be multiple of 16 bytes.\n" + " The $key and $iv must be 16 bytes long."; #endif U_BOOT_CMD( - aes, 6, 1, do_aes, + aes, 7, 1, do_aes, "AES 128 CBC encryption", aes_help_text ); -- cgit v1.2.3