summaryrefslogtreecommitdiff
path: root/drivers/crypto/aes
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/crypto/aes')
-rw-r--r--drivers/crypto/aes/Kconfig12
-rw-r--r--drivers/crypto/aes/Makefile4
-rw-r--r--drivers/crypto/aes/aes-sw.c167
-rw-r--r--drivers/crypto/aes/aes-uclass.c192
4 files changed, 375 insertions, 0 deletions
diff --git a/drivers/crypto/aes/Kconfig b/drivers/crypto/aes/Kconfig
new file mode 100644
index 00000000000..7e1b1b2875d
--- /dev/null
+++ b/drivers/crypto/aes/Kconfig
@@ -0,0 +1,12 @@
+config DM_AES
+ bool "Enable Driver Model for AES crypto operations"
+ depends on DM
+ help
+ If you want to use driver model for AES crypto operations, say Y.
+
+config AES_SOFTWARE
+ bool "Enable driver for AES in software"
+ depends on DM_AES && AES
+ help
+ Enable driver for AES crypto operations in software. Uses U-Boot
+ AES library.
diff --git a/drivers/crypto/aes/Makefile b/drivers/crypto/aes/Makefile
new file mode 100644
index 00000000000..d38a2e1526d
--- /dev/null
+++ b/drivers/crypto/aes/Makefile
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0+
+
+obj-$(CONFIG_$(PHASE_)DM_AES) += aes-uclass.o
+obj-$(CONFIG_$(PHASE_)AES_SOFTWARE) += aes-sw.o
diff --git a/drivers/crypto/aes/aes-sw.c b/drivers/crypto/aes/aes-sw.c
new file mode 100644
index 00000000000..a65200fb79b
--- /dev/null
+++ b/drivers/crypto/aes/aes-sw.c
@@ -0,0 +1,167 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+#include <config.h>
+#include <dm.h>
+#include <log.h>
+#include <malloc.h>
+#include <uboot_aes.h>
+
+#define SW_KEY_SLOTS 2
+
+struct sw_aes_priv {
+ u8 key_slots[SW_KEY_SLOTS][AES256_KEY_LENGTH];
+ u8 key_schedule[AES256_EXPAND_KEY_LENGTH];
+ u8 selected_slot;
+ u32 selected_key_size;
+ bool key_expanded;
+};
+
+static int prepare_aes(struct sw_aes_priv *priv)
+{
+ if (!priv->selected_key_size) {
+ log_debug("%s: AES key size not set, setup a slot first\n", __func__);
+ return 1;
+ }
+
+ if (priv->key_expanded)
+ return 0;
+
+ priv->key_expanded = 1;
+
+ aes_expand_key(priv->key_slots[priv->selected_slot], priv->selected_key_size,
+ priv->key_schedule);
+
+ return 0;
+}
+
+static int sw_aes_ops_available_key_slots(struct udevice *dev)
+{
+ return SW_KEY_SLOTS;
+}
+
+static int sw_aes_ops_select_key_slot(struct udevice *dev, u32 key_size, u8 slot)
+{
+ struct sw_aes_priv *priv = dev_get_priv(dev);
+
+ if (slot >= SW_KEY_SLOTS)
+ return 1;
+
+ priv->selected_slot = slot;
+ priv->selected_key_size = key_size;
+ priv->key_expanded = 0;
+
+ return 0;
+}
+
+static int sw_aes_ops_set_key_for_key_slot(struct udevice *dev, u32 key_size,
+ u8 *key, u8 slot)
+{
+ struct sw_aes_priv *priv = dev_get_priv(dev);
+
+ if (slot >= SW_KEY_SLOTS)
+ return 1;
+
+ memcpy(priv->key_slots[slot], key, key_size / 8);
+
+ if (priv->selected_slot == slot)
+ priv->selected_key_size = key_size;
+
+ priv->key_expanded = 0;
+
+ return 0;
+}
+
+static int sw_aes_ops_aes_ecb_encrypt(struct udevice *dev, u8 *src, u8 *dst,
+ u32 num_aes_blocks)
+{
+ struct sw_aes_priv *priv = dev_get_priv(dev);
+ int ret;
+
+ ret = prepare_aes(priv);
+ if (ret)
+ return ret;
+
+ while (num_aes_blocks > 0) {
+ aes_encrypt(priv->selected_key_size, src, priv->key_schedule, dst);
+ num_aes_blocks -= 1;
+ src += AES_BLOCK_LENGTH;
+ dst += AES_BLOCK_LENGTH;
+ }
+
+ return 0;
+}
+
+static int sw_aes_ops_aes_ecb_decrypt(struct udevice *dev, u8 *src, u8 *dst,
+ u32 num_aes_blocks)
+{
+ struct sw_aes_priv *priv = dev_get_priv(dev);
+ int ret;
+
+ ret = prepare_aes(priv);
+ if (ret)
+ return ret;
+
+ while (num_aes_blocks > 0) {
+ aes_decrypt(priv->selected_key_size, src, priv->key_schedule, dst);
+ num_aes_blocks -= 1;
+ src += AES_BLOCK_LENGTH;
+ dst += AES_BLOCK_LENGTH;
+ }
+
+ return 0;
+}
+
+static int sw_aes_ops_aes_cbc_encrypt(struct udevice *dev, u8 *iv, u8 *src,
+ u8 *dst, u32 num_aes_blocks)
+{
+ struct sw_aes_priv *priv = dev_get_priv(dev);
+ int ret;
+
+ ret = prepare_aes(priv);
+ if (ret)
+ return ret;
+
+ aes_cbc_encrypt_blocks(priv->selected_key_size, priv->key_schedule, iv,
+ src, dst, num_aes_blocks);
+
+ return 0;
+}
+
+static int sw_aes_ops_aes_cbc_decrypt(struct udevice *dev, u8 *iv, u8 *src,
+ u8 *dst, u32 num_aes_blocks)
+{
+ struct sw_aes_priv *priv = dev_get_priv(dev);
+ int ret;
+
+ ret = prepare_aes(priv);
+ if (ret)
+ return ret;
+
+ aes_cbc_decrypt_blocks(priv->selected_key_size, priv->key_schedule,
+ iv, src, dst, num_aes_blocks);
+
+ return 0;
+}
+
+static const struct aes_ops aes_ops_sw = {
+ .available_key_slots = sw_aes_ops_available_key_slots,
+ .select_key_slot = sw_aes_ops_select_key_slot,
+ .set_key_for_key_slot = sw_aes_ops_set_key_for_key_slot,
+ .aes_ecb_encrypt = sw_aes_ops_aes_ecb_encrypt,
+ .aes_ecb_decrypt = sw_aes_ops_aes_ecb_decrypt,
+ .aes_cbc_encrypt = sw_aes_ops_aes_cbc_encrypt,
+ .aes_cbc_decrypt = sw_aes_ops_aes_cbc_decrypt,
+};
+
+static const struct udevice_id sw_aes_ids[] = {
+ { .compatible = "software-aes-engine" },
+ { }
+};
+
+U_BOOT_DRIVER(aes_sw) = {
+ .name = "aes_sw",
+ .id = UCLASS_AES,
+ .of_match = sw_aes_ids,
+ .ops = &aes_ops_sw,
+ .priv_auto = sizeof(struct sw_aes_priv),
+};
diff --git a/drivers/crypto/aes/aes-uclass.c b/drivers/crypto/aes/aes-uclass.c
new file mode 100644
index 00000000000..745c6ce57a9
--- /dev/null
+++ b/drivers/crypto/aes/aes-uclass.c
@@ -0,0 +1,192 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+#define LOG_CATEGORY UCLASS_AES
+
+#include <dm.h>
+#include <malloc.h>
+#include <log.h>
+#include <uboot_aes.h>
+#include <linux/string.h>
+
+int dm_aes_get_available_key_slots(struct udevice *dev)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->available_key_slots)
+ return -ENOSYS;
+
+ return ops->available_key_slots(dev);
+}
+
+int dm_aes_select_key_slot(struct udevice *dev, u32 key_size, u8 slot)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->select_key_slot)
+ return -ENOSYS;
+
+ return ops->select_key_slot(dev, key_size, slot);
+}
+
+int dm_aes_set_key_for_key_slot(struct udevice *dev, u32 key_size, u8 *key, u8 slot)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->set_key_for_key_slot)
+ return -ENOSYS;
+
+ return ops->set_key_for_key_slot(dev, key_size, key, slot);
+}
+
+int dm_aes_ecb_encrypt(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->aes_ecb_encrypt)
+ return -ENOSYS;
+
+ return ops->aes_ecb_encrypt(dev, src, dst, num_aes_blocks);
+}
+
+int dm_aes_ecb_decrypt(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->aes_ecb_decrypt)
+ return -ENOSYS;
+
+ return ops->aes_ecb_decrypt(dev, src, dst, num_aes_blocks);
+}
+
+int dm_aes_cbc_encrypt(struct udevice *dev, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->aes_cbc_encrypt)
+ return -ENOSYS;
+
+ return ops->aes_cbc_encrypt(dev, iv, src, dst, num_aes_blocks);
+}
+
+int dm_aes_cbc_decrypt(struct udevice *dev, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ const struct aes_ops *ops;
+
+ if (!dev)
+ return -ENODEV;
+
+ ops = aes_get_ops(dev);
+
+ if (!ops->aes_cbc_decrypt)
+ return -ENOSYS;
+
+ return ops->aes_cbc_decrypt(dev, iv, src, dst, num_aes_blocks);
+}
+
+static void left_shift_vector(u8 *in, u8 *out, int size)
+{
+ int carry = 0;
+ int i;
+
+ for (i = size - 1; i >= 0; i--) {
+ out[i] = (in[i] << 1) | carry;
+ carry = in[i] >> 7; /* get most significant bit */
+ }
+}
+
+int dm_aes_cmac(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+ const u8 AES_CMAC_CONST_RB = 0x87; /* from RFC 4493, Figure 2.2 */
+ const u32 TMP_BUFFER_LEN = 128;
+ u8 tmp_block[AES128_KEY_LENGTH] = { };
+ u8 k1[AES128_KEY_LENGTH];
+ u8 *tmp_buffer;
+ int ret;
+
+ log_debug("%s: 0x%p -> %p blocks %d\n", __func__, src, dst, num_aes_blocks);
+
+ if (!num_aes_blocks) {
+ log_debug("%s: called with 0 blocks!\n", __func__);
+ return -1;
+ }
+
+ /* Compute K1 constant needed by AES-CMAC calculation */
+ ret = dm_aes_cbc_encrypt(dev, (u8 *)AES_ZERO_BLOCK, (u8 *)AES_ZERO_BLOCK, tmp_block, 1);
+ if (ret)
+ return -1;
+
+ left_shift_vector(tmp_block, k1, AES_BLOCK_LENGTH);
+
+ if ((tmp_block[0] >> 7) != 0) /* get MSB of L */
+ k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;
+
+ /* Set what will be the initial IV as zero */
+ memset(tmp_block, 0, AES_BLOCK_LENGTH);
+
+ /* Process all blocks except last by calling engine several times per dma buffer size */
+ if (num_aes_blocks > 1) {
+ tmp_buffer = malloc(AES_BLOCK_LENGTH * min(num_aes_blocks - 1, TMP_BUFFER_LEN));
+ while (num_aes_blocks > 1) {
+ u32 blocks = min(num_aes_blocks - 1, TMP_BUFFER_LEN);
+
+ /* Encrypt the current remaining set of blocks that fits in tmp buffer */
+ ret = dm_aes_cbc_encrypt(dev, tmp_block, src, tmp_buffer, blocks);
+ if (ret)
+ return -1;
+
+ num_aes_blocks -= blocks;
+ src += blocks * AES_BLOCK_LENGTH;
+
+ /* Copy the last encrypted block to tmp_block as IV */
+ memcpy(tmp_block, tmp_buffer + ((blocks - 1) * AES_BLOCK_LENGTH),
+ AES_BLOCK_LENGTH);
+ }
+ free(tmp_buffer);
+ }
+
+ if (num_aes_blocks != 1) {
+ log_debug("%s: left with %d blocks! must be 1\n", __func__, num_aes_blocks);
+ return -1;
+ }
+
+ /* XOR last IV with K1 */
+ aes_apply_cbc_chain_data(tmp_block, k1, tmp_block);
+
+ /* Encrypt the last src block already with tmp_block as IV and output to dst */
+ return dm_aes_cbc_encrypt(dev, tmp_block, src, dst, 1);
+}
+
+UCLASS_DRIVER(aes) = {
+ .id = UCLASS_AES,
+ .name = "aes",
+};
generated by cgit v1.2.3 (git 2.0.4) at 2025-07-14 03:49:43 +0000