From af09eba64f808946c6c901436e7dfabd17a11498 Mon Sep 17 00:00:00 2001 From: Андрей Мозжухин Date: Wed, 3 Jan 2018 15:43:56 +0300 Subject: aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin --- include/uboot_aes.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/uboot_aes.h b/include/uboot_aes.h index 6315c02aa93..b651bca1c95 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -75,20 +75,24 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst); * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. * * @key_exp Expanded key to use + * @iv Initialization vector * @src Source data to encrypt * @dst Destination buffer * @num_aes_blocks Number of AES blocks to encrypt */ -void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); +void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, + u32 num_aes_blocks); /** * Decrypt multiple blocks of data with AES CBC. * * @key_exp Expanded key to use + * @iv Initialization vector * @src Source data to decrypt * @dst Destination buffer * @num_aes_blocks Number of AES blocks to decrypt */ -void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); +void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, + u32 num_aes_blocks); #endif /* _AES_REF_H_ */ -- cgit v1.3.1