aes: Add 'aes' command to access AES-128-CBC

Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de>

aes: Add 'aes' command to access AES-128-CBC
Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de>
Marek Vasut · Tom Rini
1 parent dc24bb6ddb
Showing 3 changed files with 91 additions and 0 deletions Side-by-side Diff
README
common/Makefile
common/cmd_aes.c
@@ -910,6 +910,7 @@
 		The default command configuration includes all commands
 		except those marked below with a "*".
  
+		CONFIG_CMD_AES		  AES 128 CBC encrypt/decrypt
 		CONFIG_CMD_ASKENV	* ask for env variable
 		CONFIG_CMD_BDI		  bdinfo
 		CONFIG_CMD_BEDBUG	* Include BedBug Debugger
@@ -48,6 +48,7 @@
 obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
  
 # command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
 obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
 obj-$(CONFIG_SOURCE) += cmd_source.o
 obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
+/*
+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp:	Command data struct pointer
+ * @flag:	Command flag
+ * @argc:	Command-line argument count
+ * @argv:	Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+	uint32_t key_addr, src_addr, dst_addr, len;
+	uint8_t *key_ptr, *src_ptr, *dst_ptr;
+	uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+	uint32_t aes_blocks;
+	int enc;
+
+	if (argc != 6)
+		return CMD_RET_USAGE;
+
+	if (!strncmp(argv[1], "enc", 3))
+		enc = 1;
+	else if (!strncmp(argv[1], "dec", 3))
+		enc = 0;
+	else
+		return CMD_RET_USAGE;
+
+	key_addr = simple_strtoul(argv[2], NULL, 16);
+	src_addr = simple_strtoul(argv[3], NULL, 16);
+	dst_addr = simple_strtoul(argv[4], NULL, 16);
+	len = simple_strtoul(argv[5], NULL, 16);
+
+	key_ptr = (uint8_t *)key_addr;
+	src_ptr = (uint8_t *)src_addr;
+	dst_ptr = (uint8_t *)dst_addr;
+
+	/* First we expand the key. */
+	aes_expand_key(key_ptr, key_exp);
+
+	/* Calculate the number of AES blocks to encrypt. */
+	aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+	if (enc)
+		aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+	else
+		aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+	return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+	"enc key src dst len - Encrypt block of data $len bytes long\n"
+	"                          at address $src using a key at address\n"
+	"                          $key and store the result at address\n"
+	"                          $dst. The $len size must be multiple of\n"
+	"                          16 bytes and $key must be 16 bytes long.\n"
+	"aes dec key src dst len - Decrypt block of data $len bytes long\n"
+	"                          at address $src using a key at address\n"
+	"                          $key and store the result at address\n"
+	"                          $dst. The $len size must be multiple of\n"
+	"                          16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+	aes, 6, 1, do_aes,
+	"AES 128 CBC encryption",
+	aes_help_text
+);
...	...	@@ -910,6 +910,7 @@
910	910	The default command configuration includes all commands
911	911	except those marked below with a "*".
912	912
	913	+ CONFIG_CMD_AES AES 128 CBC encrypt/decrypt
913	914	CONFIG_CMD_ASKENV * ask for env variable
914	915	CONFIG_CMD_BDI bdinfo
915	916	CONFIG_CMD_BEDBUG * Include BedBug Debugger
...	...	@@ -48,6 +48,7 @@
48	48	obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
49	49
50	50	# command
	51	+obj-$(CONFIG_CMD_AES) += cmd_aes.o
51	52	obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
52	53	obj-$(CONFIG_SOURCE) += cmd_source.o
53	54	obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
	1	+/*
	2	+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
	3	+ *
	4	+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
	5	+ *
	6	+ * SPDX-License-Identifier: GPL-2.0+
	7	+ */
	8	+
	9	+#include <common.h>
	10	+#include <command.h>
	11	+#include <environment.h>
	12	+#include <aes.h>
	13	+#include <malloc.h>
	14	+#include <asm/byteorder.h>
	15	+#include <linux/compiler.h>
	16	+
	17	+DECLARE_GLOBAL_DATA_PTR;
	18	+
	19	+/**
	20	+ * do_aes() - Handle the "aes" command-line command
	21	+ * @cmdtp: Command data struct pointer
	22	+ * @flag: Command flag
	23	+ * @argc: Command-line argument count
	24	+ * @argv: Array of command-line arguments
	25	+ *
	26	+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
	27	+ * on error.
	28	+ */
	29	+static int do_aes(cmd_tbl_t cmdtp, int flag, int argc, char const argv[])
	30	+{
	31	+ uint32_t key_addr, src_addr, dst_addr, len;
	32	+ uint8_t key_ptr, src_ptr, *dst_ptr;
	33	+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
	34	+ uint32_t aes_blocks;
	35	+ int enc;
	36	+
	37	+ if (argc != 6)
	38	+ return CMD_RET_USAGE;
	39	+
	40	+ if (!strncmp(argv[1], "enc", 3))
	41	+ enc = 1;
	42	+ else if (!strncmp(argv[1], "dec", 3))
	43	+ enc = 0;
	44	+ else
	45	+ return CMD_RET_USAGE;
	46	+
	47	+ key_addr = simple_strtoul(argv[2], NULL, 16);
	48	+ src_addr = simple_strtoul(argv[3], NULL, 16);
	49	+ dst_addr = simple_strtoul(argv[4], NULL, 16);
	50	+ len = simple_strtoul(argv[5], NULL, 16);
	51	+
	52	+ key_ptr = (uint8_t *)key_addr;
	53	+ src_ptr = (uint8_t *)src_addr;
	54	+ dst_ptr = (uint8_t *)dst_addr;
	55	+
	56	+ /* First we expand the key. */
	57	+ aes_expand_key(key_ptr, key_exp);
	58	+
	59	+ /* Calculate the number of AES blocks to encrypt. */
	60	+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
	61	+
	62	+ if (enc)
	63	+ aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
	64	+ else
	65	+ aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
	66	+
	67	+ return 0;
	68	+}
	69	+
	70	+/***************************************************/
	71	+#ifdef CONFIG_SYS_LONGHELP
	72	+static char aes_help_text[] =
	73	+ "enc key src dst len - Encrypt block of data $len bytes long\n"
	74	+ " at address $src using a key at address\n"
	75	+ " $key and store the result at address\n"
	76	+ " $dst. The $len size must be multiple of\n"
	77	+ " 16 bytes and $key must be 16 bytes long.\n"
	78	+ "aes dec key src dst len - Decrypt block of data $len bytes long\n"
	79	+ " at address $src using a key at address\n"
	80	+ " $key and store the result at address\n"
	81	+ " $dst. The $len size must be multiple of\n"
	82	+ " 16 bytes and $key must be 16 bytes long.";
	83	+#endif
	84	+
	85	+U_BOOT_CMD(
	86	+ aes, 6, 1, do_aes,
	87	+ "AES 128 CBC encryption",
	88	+ aes_help_text
	89	+);