Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
phyus
/
uboot-vybrid_public
8
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: 7f14f30a6d
Haarat Tagit
uboot-vybrid_pu...
/
arch
/
arm
/
cpu
/
tegra20-common
/
crypto.c

crypto.c 6.4 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 
  1. /*
    2. 

  2.  * Copyright (c) 2011 The Chromium OS Authors.
    3. 

  3.  * (C) Copyright 2010 - 2011 NVIDIA Corporation <www.nvidia.com>
    4. 

  4.  *
    5. 

  5.  * See file CREDITS for list of people who contributed to this
    6. 

  6.  * project.
    7. 

  7.  *
    8. 

  8.  * This program is free software; you can redistribute it and/or
    9. 

  9.  * modify it under the terms of the GNU General Public License as
    10. 

  10.  * published by the Free Software Foundation; either version 2 of
    11. 

  11.  * the License, or (at your option) any later version.
    12. 

  12.  *
    13. 

  13.  * This program is distributed in the hope that it will be useful,
    14. 

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    15. 

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    16. 

  16.  * GNU General Public License for more details.
    17. 

  17.  *
    18. 

  18.  * You should have received a copy of the GNU General Public License
    19. 

  19.  * along with this program; if not, write to the Free Software
    20. 

  20.  * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
    21. 

  21.  * MA 02111-1307 USA
    22. 

  22.  */
    23. 

  23. 

  24. #include <common.h>
    25. 

  25. #include <asm/errno.h>
    26. 

  26. #include "crypto.h"
    27. 

  27. #include "aes.h"
    28. 

  28. 

  29. static u8 zero_key[16];
    30. 

  30. 

  31. #define AES_CMAC_CONST_RB 0x87  /* from RFC 4493, Figure 2.2 */
    32. 

  32. 

  33. enum security_op {
    34. 

  34. 	SECURITY_SIGN		= 1 << 0,	/* Sign the data */
    35. 

  35. 	SECURITY_ENCRYPT	= 1 << 1,	/* Encrypt the data */
    36. 

  36. };
    37. 

  37. 

  38. static void debug_print_vector(char *name, u32 num_bytes, u8 *data)
    39. 

  39. {
    40. 

  40. 	u32 i;
    41. 

  41. 

  42. 	debug("%s [%d] @0x%08x", name, num_bytes, (u32)data);
    43. 

  43. 	for (i = 0; i < num_bytes; i++) {
    44. 

  44. 		if (i % 16 == 0)
    45. 

  45. 			debug(" = ");
    46. 

  46. 		debug("%02x", data[i]);
    47. 

  47. 		if ((i+1) % 16 != 0)
    48. 

  48. 			debug(" ");
    49. 

  49. 	}
    50. 

  50. 	debug("\n");
    51. 

  51. }
    52. 

  52. 

  53. /**
    54. 

  54.  * Apply chain data to the destination using EOR
    55. 

  55.  *
    56. 

  56.  * Each array is of length AES_AES_KEY_LENGTH.
    57. 

  57.  *
    58. 

  58.  * \param cbc_chain_data	Chain data
    59. 

  59.  * \param src			Source data
    60. 

  60.  * \param dst			Destination data, which is modified here
    61. 

  61.  */
    62. 

  62. static void apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst)
    63. 

  63. {
    64. 

  64. 	int i;
    65. 

  65. 

  66. 	for (i = 0; i < 16; i++)
    67. 

  67. 		*dst++ = *src++ ^ *cbc_chain_data++;
    68. 

  68. }
    69. 

  69. 

  70. /**
    71. 

  71.  * Encrypt some data with AES.
    72. 

  72.  *
    73. 

  73.  * \param key_schedule		Expanded key to use
    74. 

  74.  * \param src			Source data to encrypt
    75. 

  75.  * \param dst			Destination buffer
    76. 

  76.  * \param num_aes_blocks	Number of AES blocks to encrypt
    77. 

  77.  */
    78. 

  78. static void encrypt_object(u8 *key_schedule, u8 *src, u8 *dst,
    79. 

  79. 			   u32 num_aes_blocks)
    80. 

  80. {
    81. 

  81. 	u8 tmp_data[AES_KEY_LENGTH];
    82. 

  82. 	u8 *cbc_chain_data;
    83. 

  83. 	u32 i;
    84. 

  84. 

  85. 	cbc_chain_data = zero_key;	/* Convenient array of 0's for IV */
    86. 

  86. 

  87. 	for (i = 0; i < num_aes_blocks; i++) {
    88. 

  88. 		debug("encrypt_object: block %d of %d\n", i, num_aes_blocks);
    89. 

  89. 		debug_print_vector("AES Src", AES_KEY_LENGTH, src);
    90. 

  90. 

  91. 		/* Apply the chain data */
    92. 

  92. 		apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
    93. 

  93. 		debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data);
    94. 

  94. 

  95. 		/* encrypt the AES block */
    96. 

  96. 		aes_encrypt(tmp_data, key_schedule, dst);
    97. 

  97. 		debug_print_vector("AES Dst", AES_KEY_LENGTH, dst);
    98. 

  98. 

  99. 		/* Update pointers for next loop. */
    100. 

  100. 		cbc_chain_data = dst;
    101. 

  101. 		src += AES_KEY_LENGTH;
    102. 

  102. 		dst += AES_KEY_LENGTH;
    103. 

  103. 	}
    104. 

  104. }
    105. 

  105. 

  106. /**
    107. 

  107.  * Shift a vector left by one bit
    108. 

  108.  *
    109. 

  109.  * \param in	Input vector
    110. 

  110.  * \param out	Output vector
    111. 

  111.  * \param size	Length of vector in bytes
    112. 

  112.  */
    113. 

  113. static void left_shift_vector(u8 *in, u8 *out, int size)
    114. 

  114. {
    115. 

  115. 	int carry = 0;
    116. 

  116. 	int i;
    117. 

  117. 

  118. 	for (i = size - 1; i >= 0; i--) {
    119. 

  119. 		out[i] = (in[i] << 1) | carry;
    120. 

  120. 		carry = in[i] >> 7;	/* get most significant bit */
    121. 

  121. 	}
    122. 

  122. }
    123. 

  123. 

  124. /**
    125. 

  125.  * Sign a block of data, putting the result into dst.
    126. 

  126.  *
    127. 

  127.  * \param key			Input AES key, length AES_KEY_LENGTH
    128. 

  128.  * \param key_schedule		Expanded key to use
    129. 

  129.  * \param src			Source data of length 'num_aes_blocks' blocks
    130. 

  130.  * \param dst			Destination buffer, length AES_KEY_LENGTH
    131. 

  131.  * \param num_aes_blocks	Number of AES blocks to encrypt
    132. 

  132.  */
    133. 

  133. static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
    134. 

  134. 			u32 num_aes_blocks)
    135. 

  135. {
    136. 

  136. 	u8 tmp_data[AES_KEY_LENGTH];
    137. 

  137. 	u8 left[AES_KEY_LENGTH];
    138. 

  138. 	u8 k1[AES_KEY_LENGTH];
    139. 

  139. 	u8 *cbc_chain_data;
    140. 

  140. 	unsigned i;
    141. 

  141. 

  142. 	cbc_chain_data = zero_key;	/* Convenient array of 0's for IV */
    143. 

  143. 

  144. 	/* compute K1 constant needed by AES-CMAC calculation */
    145. 

  145. 	for (i = 0; i < AES_KEY_LENGTH; i++)
    146. 

  146. 		tmp_data[i] = 0;
    147. 

  147. 

  148. 	encrypt_object(key_schedule, tmp_data, left, 1);
    149. 

  149. 	debug_print_vector("AES(key, nonce)", AES_KEY_LENGTH, left);
    150. 

  150. 

  151. 	left_shift_vector(left, k1, sizeof(left));
    152. 

  152. 	debug_print_vector("L", AES_KEY_LENGTH, left);
    153. 

  153. 

  154. 	if ((left[0] >> 7) != 0) /* get MSB of L */
    155. 

  155. 		k1[AES_KEY_LENGTH-1] ^= AES_CMAC_CONST_RB;
    156. 

  156. 	debug_print_vector("K1", AES_KEY_LENGTH, k1);
    157. 

  157. 

  158. 	/* compute the AES-CMAC value */
    159. 

  159. 	for (i = 0; i < num_aes_blocks; i++) {
    160. 

  160. 		/* Apply the chain data */
    161. 

  161. 		apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
    162. 

  162. 

  163. 		/* for the final block, XOR K1 into the IV */
    164. 

  164. 		if (i == num_aes_blocks - 1)
    165. 

  165. 			apply_cbc_chain_data(tmp_data, k1, tmp_data);
    166. 

  166. 

  167. 		/* encrypt the AES block */
    168. 

  168. 		aes_encrypt(tmp_data, key_schedule, dst);
    169. 

  169. 

  170. 		debug("sign_obj: block %d of %d\n", i, num_aes_blocks);
    171. 

  171. 		debug_print_vector("AES-CMAC Src", AES_KEY_LENGTH, src);
    172. 

  172. 		debug_print_vector("AES-CMAC Xor", AES_KEY_LENGTH, tmp_data);
    173. 

  173. 		debug_print_vector("AES-CMAC Dst", AES_KEY_LENGTH, dst);
    174. 

  174. 

  175. 		/* Update pointers for next loop. */
    176. 

  176. 		cbc_chain_data = dst;
    177. 

  177. 		src += AES_KEY_LENGTH;
    178. 

  178. 	}
    179. 

  179. 

  180. 	debug_print_vector("AES-CMAC Hash", AES_KEY_LENGTH, dst);
    181. 

  181. }
    182. 

  182. 

  183. /**
    184. 

  184.  * Encrypt and sign a block of data (depending on security mode).
    185. 

  185.  *
    186. 

  186.  * \param key		Input AES key, length AES_KEY_LENGTH
    187. 

  187.  * \param oper		Security operations mask to perform (enum security_op)
    188. 

  188.  * \param src		Source data
    189. 

  189.  * \param length	Size of source data
    190. 

  190.  * \param sig_dst	Destination address for signature, AES_KEY_LENGTH bytes
    191. 

  191.  */
    192. 

  192. static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src,
    193. 

  193. 			    u32 length, u8 *sig_dst)
    194. 

  194. {
    195. 

  195. 	u32 num_aes_blocks;
    196. 

  196. 	u8 key_schedule[AES_EXPAND_KEY_LENGTH];
    197. 

  197. 

  198. 	debug("encrypt_and_sign: length = %d\n", length);
    199. 

  199. 	debug_print_vector("AES key", AES_KEY_LENGTH, key);
    200. 

  200. 

  201. 	/*
    202. 

  202. 	 * The only need for a key is for signing/checksum purposes, so
    203. 

  203. 	 * if not encrypting, expand a key of 0s.
    204. 

  204. 	 */
    205. 

  205. 	aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, key_schedule);
    206. 

  206. 

  207. 	num_aes_blocks = (length + AES_KEY_LENGTH - 1) / AES_KEY_LENGTH;
    208. 

  208. 

  209. 	if (oper & SECURITY_ENCRYPT) {
    210. 

  210. 		/* Perform this in place, resulting in src being encrypted. */
    211. 

  211. 		debug("encrypt_and_sign: begin encryption\n");
    212. 

  212. 		encrypt_object(key_schedule, src, src, num_aes_blocks);
    213. 

  213. 		debug("encrypt_and_sign: end encryption\n");
    214. 

  214. 	}
    215. 

  215. 

  216. 	if (oper & SECURITY_SIGN) {
    217. 

  217. 		/* encrypt the data, overwriting the result in signature. */
    218. 

  218. 		debug("encrypt_and_sign: begin signing\n");
    219. 

  219. 		sign_object(key, key_schedule, src, sig_dst, num_aes_blocks);
    220. 

  220. 		debug("encrypt_and_sign: end signing\n");
    221. 

  221. 	}
    222. 

  222. 

  223. 	return 0;
    224. 

  224. }
    225. 

  225. 

  226. int sign_data_block(u8 *source, unsigned length, u8 *signature)
    227. 

  227. {
    228. 

  228. 	return encrypt_and_sign(zero_key, SECURITY_SIGN, source,
    229. 

  229. 				length, signature);
    230. 

  230. }
    231.