1、AES介绍
Kendryte K210 内置 AES(高级加密加速器),相对于软件可以极⼤的提高 AES 运算速度。 AES 加速器支持多种加密/解密模式(ECB,CBC,GCM),多种⻓度的 KEY(ECB,CBC,GCM)的运算。
AES 加速器是用来加密和解密的模块,具体性能如下:
1. 支持 ECB , CBC , GCM 三种加密方式
2. 支持 128 位, 192 位, 256 位三种长度的 KEY
3. KEY 可以通过软件配置,受到硬件电路保护
4. 支持 DMA 传输
Kendryte K210 提供了非常多操作 AES 的 API 函数,我们这里就不一一详细讲解,大家可
以自行参考官方库文件 aes.c 和 aes.h ,本章以 AES256 实验为例,以表格的形式讲述部分用到的
函数,这些函数介绍如下:
上表介绍了 AES256 操作所用到的所有 API 函数。
2、源码案例
计算并打印输出 AES 的 ECB 模式、 CBC 模式和 GCM 模式对数据加密处理的时间(包软件和硬件的对比时间,CPU 和 DMA 使用的是硬件的 AES )
main.c代码:
int main(void)
{aes_cipher_mode_t cipher;printf("begin test %d\n", get_time_flag);for (cipher = AES_ECB; cipher < AES_CIPHER_MAX; cipher++){printf("[%s] test all byte ... \n", cipher_name[cipher]);if (AES_CHECK_FAIL == aes_check_all_byte(cipher)){printf("aes %s check_all_byte fail\n", cipher_name[cipher]);return -1;}printf("[%s] test all key ... \n", cipher_name[cipher]);if (AES_CHECK_FAIL == aes_check_all_key(cipher)){ printf("aes %s check_all_key fail\n", cipher_name[cipher]);return -1;}printf("[%s] test all iv ... \n", cipher_name[cipher]);if (AES_CHECK_FAIL == aes_check_all_iv(cipher)){printf("aes %s check_all_iv fail\n", cipher_name[cipher]);return -1;}printf("[%s] [%ld bytes] cpu time = %ld us, dma time = %ld us, soft time = %ld us\n", cipher_name[cipher], AES_TEST_DATA_LEN,cycle[cipher][AES_HARD][AES_CPU]/(sysctl_clock_get_freq(SYSCTL_CLOCK_CPU)/1000000),cycle[cipher][AES_HARD][AES_DMA]/(sysctl_clock_get_freq(SYSCTL_CLOCK_CPU)/1000000),cycle[cipher][AES_SOFT][AES_CPU]/(sysctl_clock_get_freq(SYSCTL_CLOCK_CPU)/1000000));}printf("aes-256 test pass\n");
while (1)
;return 0;
} 可 以 看 到 , mian 函 数 主 要 的 功 能 是 通过一个 for 循 环 , 把 AES 的 三 种 模 式
( ECB/CBC/GCM )对应的时间打印出来。
check_result_t aes_check_all_byte(aes_cipher_mode_t cipher)
{uint32_t check_tag = 0;uint32_t index = 0;size_t data_len = 0;memset(aes_hard_in_data, 0, AES_TEST_PADDING_LEN);if (cipher == AES_GCM)iv_len = iv_gcm_len;for (index = 0; index < (AES_TEST_DATA_LEN < 256 ? AES_TEST_DATA_LEN : 256);index++){aes_hard_in_data[index] = index;data_len++;AES_DBG("[%s] test num: %ld \n", cipher_name[cipher], data_len);aes_hard_in_data, data_len) == AES_CHECK_FAIL)check_tag = 1;}memset(aes_hard_in_data, 0, AES_TEST_PADDING_LEN);get_time_flag = 1;data_len = AES_TEST_DATA_LEN;AES_DBG("[%s] test num: %ld \n", cipher_name[cipher], data_len);for (index = 0; index < data_len; index++)aes_hard_in_data[index] = index % 256;if (aes_check(aes_key, key_len, aes_iv, iv_len, aes_aad, aad_len, cipher,aes_hard_in_data, data_len) == AES_CHECK_FAIL)check_tag = 1;get_time_flag = 0;if(check_tag)return AES_CHECK_FAIL;elsereturn AES_CHECK_PASS;
} AES 检测所有 byte 。
check_result_t aes_check_all_key(aes_cipher_mode_t cipher)
{size_t data_len = 0;uint32_t index = 0;uint32_t i = 0;uint32_t check_tag = 0;memset(aes_hard_in_data, 0, AES_TEST_PADDING_LEN);if (cipher == AES_GCM)iv_len = iv_gcm_len;data_len = AES_TEST_DATA_LEN;for (index = 0; index < data_len; index++)aes_hard_in_data[index] = index;for (i = 0; i < (256 / key_len); i++){for (index = i * key_len; index < (i * key_len) + key_len; index++)aes_key[index - (i * key_len)] = index;if (aes_check(aes_key, key_len, aes_iv, iv_len, aes_aad, aad_len, cipher,aes_hard_in_data, data_len) == AES_CHECK_FAIL)check_tag = 1;}if(check_tag)return AES_CHECK_FAIL;elsereturn AES_CHECK_PASS;
} AES 检测所有 key 。
check_result_t aes_check_all_iv(aes_cipher_mode_t cipher)
{size_t data_len = 0;uint32_t index = 0;uint32_t i = 0;uint8_t check_tag = 0;memset(aes_hard_in_data, 0, AES_TEST_PADDING_LEN);if (cipher == AES_GCM)iv_len = iv_gcm_len;data_len = AES_TEST_DATA_LEN;for (index = 0; index < data_len; index++)aes_hard_in_data[index] = index;for (i = 0; i < (256 / iv_len); i++){for (index = i * iv_len; index < (i * iv_len) + iv_len; index++)aes_iv[index - (i * iv_len)] = index;if (aes_check(aes_key, key_len, aes_iv, iv_len, aes_aad, aad_len, cipher,aes_hard_in_data, data_len) == AES_CHECK_FAIL)check_tag = 1;}if(check_tag)return AES_CHECK_FAIL;elsereturn AES_CHECK_PASS;
}可以观察如下:
