From patchwork Fri Oct 31 06:53:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 651 Return-Path: X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1761893709; bh=JITCSXyCCrkeKfbxtgcmjU7B42J7rQzaL5EYE0tKSuI=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=SKgXZa47qf47oQK7FDbI4U4JfoICghXzuWX2LvV0pDA7B/KJbQt5KrwpwGH+HuAlM 35qtlmJ4u+UK0AVOwL7nJXHiUAJiUQeQ15BkQA9APWhKHO1fzxwMxWI6WkFjaDUFp/ beH1PRgGQcir6Y4VcWKgWXSMm3dnQDay3/coVCvwG7DAtn2wbyGk1wMCrAT4ZakdGH weijtC7NyZNaNUoVPFp+t2bwD5x51vCUkRhKVE6EvymgnWii8Z4I94SlN/jQreqDjW QbEsVjbQ4B4WHIMqGnqV7DsUKUC0xerBDTOriBMOTPdmMFadONzLk8/0Ju9HLoY4lb ykhngiIwt2mOw== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id C462968361 for ; Fri, 31 Oct 2025 00:55:09 -0600 (MDT) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id EyqU4zTPBf52 for ; Fri, 31 Oct 2025 00:55:09 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1761893708; bh=JITCSXyCCrkeKfbxtgcmjU7B42J7rQzaL5EYE0tKSuI=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=d8SqXt6LdPjX7XtefLgnMMrSMP6TKG+/+KWAxWInnVlnF+NMGUIEIY1VJsS0saAbW 9mEWW937iQ1z+JrFGXC0D3Cj+SeS3i1szcpaaeNMY6bB0s0TZ+35i+6SkxTdeZg43b LTUVUthK7d6aaljsvh+eiLfGolOTP+oCUao7lUWFdpXM79UExbOEobq25fhp7ePphq Sh66auB2lDSYZliZ3iMqpFC0xAK5yIJdn3DsS4w7f0q/xtB9uIHvxr6bruQiGe9pe9 4WWc1m1D4ur6I5HLWupTHHA8O8DRJN8e8MLBSoOxoKZvbS4POqtfkX7OhTX3sQokAr v9Z8FriAoqvcw== Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id C62AC68321 for ; Fri, 31 Oct 2025 00:55:08 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1761893706; bh=N7v1hzqEDfn/ObBA48UFCYU6Cu7e6ywUBOG/d+g5YG4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=su1CmUTbgslGKhdl2MfYn6m9+zRQZFaDsra9Ce3f/JiN9FfbcYw5wFp9QPrGEFJZK 9TOrcVQQU5/XjS7MHsFrczpFl1ffbOBdWRCsu4cG849iIOIPTjr0RTRnQRj7/R+nbv egEynR3J+05dmgHVW+t3zzMwoAi7rHzqtm+lRpeM8O2OGnAURRdcGZzqH4ex3jCyFr UsqScpzjghC/qd+9zsHyd0M05e/InGE62HpjLxXLWm/FpnWPnI17DWiEBsNqx/vuFH HRLaDlDyn5AvbZSDPhmYVapOFq/Lfa4MpEz0T6CKuNneSR3iEQu2//1n+T/TyvmPNj M6mOmzey5GjwQ== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 8517368320; Fri, 31 Oct 2025 00:55:06 -0600 (MDT) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id 1k5bXW6CfRZ7; Fri, 31 Oct 2025 00:55:06 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1761893706; bh=9793R8MCXz4Yyx+ozIaDk6zVEt1M+oyDsF5j+pDN40E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mUoVB4gmXWS34XfeYY/9BhCfT8ufeeEQQYO3qGqtTEaXQqqNNy9MhFj8IO1DpduMW IZ2XQlXX7kofQSK5B9XfIJBmusG5WLEk21XmSVd2l5vtSCNhaii2aFUIluhppFr0TK 696qO7097jSYqDeKSr/DvNPVUYV4c0copPiYiYLZVOpqp8qDYJrTRDJwcM+DGIaezS TD7Zv055RVCt92J8Zpp3E8R/p9vOzk2VG7JrxROMQzj2hpMu0H8tMjQPv7oqevJe4T cxcictedYJsU5tq/2cBga1hnKTLprUK9wUnWnkB4745tFdzI5nrHEmyM5fQm1mjUeZ wBtcOBhdm5Oow== Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id F09AF6827C; Fri, 31 Oct 2025 00:55:05 -0600 (MDT) From: Simon Glass To: U-Boot Concept Date: Fri, 31 Oct 2025 00:53:57 -0600 Message-ID: <20251031065439.3251464-2-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251031065439.3251464-1-sjg@u-boot.org> References: <20251031065439.3251464-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: DR3O4ERBI2RQMY72H74OVXPPOJC2UAKM X-Message-ID-Hash: DR3O4ERBI2RQMY72H74OVXPPOJC2UAKM X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Simon Glass , Claude X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 01/24] aes: Fix key size handling for AES-192 and AES-256 List-Id: Discussion and patches related to U-Boot Concept Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Simon Glass At present the aes_get_rounds() and aes_get_keycols() functions compare the key_len parameter (in bits) directly against AES*_KEY_LENGTH constants (in bytes), causing incorrect round and column counts for non-128-bit keys. Additionally, aes_expand_key() uses key_len as a byte count in memcpy(), copying far more data than intended and causing buffer overflows. Specifically, for AES-256 (256-bit key) it comparies 256 (bits) against 32 (bytes), failing the comparison. This causes AES-256 to use AES-128 parameters (10 rounds instead of 14) and the memcpy() to copy 256 bytes instead of 32. Fix by converting key_len from bits to bytes before comparisons and in memcpy. With this we get: - AES-128 (128 bits / 16 bytes): 10 rounds, 4 key columns - AES-192 (192 bits / 24 bytes): 12 rounds, 6 key columns - AES-256 (256 bits / 32 bytes): 14 rounds, 8 key columns Co-developed-by: Claude Signed-off-by: Simon Glass Fixes: 8302d1708ae ("aes: add support of aes192 and aes256") --- lib/aes.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/aes.c b/lib/aes.c index 39ad4a990f0..3bcbeeab9af 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -513,10 +513,11 @@ static u8 rcon[11] = { static u32 aes_get_rounds(u32 key_len) { u32 rounds = AES128_ROUNDS; + u32 key_len_bytes = key_len / 8; /* Convert bits to bytes */ - if (key_len == AES192_KEY_LENGTH) + if (key_len_bytes == AES192_KEY_LENGTH) rounds = AES192_ROUNDS; - else if (key_len == AES256_KEY_LENGTH) + else if (key_len_bytes == AES256_KEY_LENGTH) rounds = AES256_ROUNDS; return rounds; @@ -525,10 +526,11 @@ static u32 aes_get_rounds(u32 key_len) static u32 aes_get_keycols(u32 key_len) { u32 keycols = AES128_KEYCOLS; + u32 key_len_bytes = key_len / 8; /* Convert bits to bytes */ - if (key_len == AES192_KEY_LENGTH) + if (key_len_bytes == AES192_KEY_LENGTH) keycols = AES192_KEYCOLS; - else if (key_len == AES256_KEY_LENGTH) + else if (key_len_bytes == AES256_KEY_LENGTH) keycols = AES256_KEYCOLS; return keycols; @@ -538,12 +540,13 @@ static u32 aes_get_keycols(u32 key_len) void aes_expand_key(u8 *key, u32 key_len, u8 *expkey) { u8 tmp0, tmp1, tmp2, tmp3, tmp4; - u32 idx, aes_rounds, aes_keycols; + uint idx, aes_rounds, aes_keycols; aes_rounds = aes_get_rounds(key_len); aes_keycols = aes_get_keycols(key_len); - memcpy(expkey, key, key_len); + /* key_len is in bits; convert to bytes */ + memcpy(expkey, key, key_len / 8); for (idx = aes_keycols; idx < AES_STATECOLS * (aes_rounds + 1); idx++) { tmp0 = expkey[4*idx - 4];