aes: Allow non-zero initialization vector

AES encryption in CBC mode, in most cases, must be used with random
initialization vector. Using the same key and initialization vector several
times is weak and must be avoided.

Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks
functions for passing initialization vector.

Command 'aes' now also require the initialization vector parameter.

Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru>

1 files changed, 6 insertions, 2 deletions

diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index 6315c02..b651bca 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -75,20 +75,24 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst);
  * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC.
  *
  * @key_exp		Expanded key to use
+ * @iv			Initialization vector
  * @src			Source data to encrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to encrypt
  */
-void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+			    u32 num_aes_blocks);
 
 /**
  * Decrypt multiple blocks of data with AES CBC.
  *
  * @key_exp		Expanded key to use
+ * @iv			Initialization vector
  * @src			Source data to decrypt
  * @dst			Destination buffer
  * @num_aes_blocks	Number of AES blocks to decrypt
  */
-void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
+			    u32 num_aes_blocks);
 
 #endif /* _AES_REF_H_ */