summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarek Vasut <marex@denx.de>2014-03-05 19:58:39 +0100
committerTom Rini <trini@ti.com>2014-03-21 16:43:58 -0400
commitb401b73d02bb4f97197830e565f19a65577fecc6 (patch)
tree4382f7da81b2d4c594d5a5c8d60f23b2e5c25f2f
parentdc24bb6ddb416db52a60165931c0864fdba1f60b (diff)
downloadu-boot-imx-b401b73d02bb4f97197830e565f19a65577fecc6.zip
u-boot-imx-b401b73d02bb4f97197830e565f19a65577fecc6.tar.gz
u-boot-imx-b401b73d02bb4f97197830e565f19a65577fecc6.tar.bz2
aes: Add 'aes' command to access AES-128-CBC
Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de>
-rw-r--r--README1
-rw-r--r--common/Makefile1
-rw-r--r--common/cmd_aes.c89
3 files changed, 91 insertions, 0 deletions
diff --git a/README b/README
index 216f0c7..fd717bf 100644
--- a/README
+++ b/README
@@ -910,6 +910,7 @@ The following options need to be configured:
The default command configuration includes all commands
except those marked below with a "*".
+ CONFIG_CMD_AES AES 128 CBC encrypt/decrypt
CONFIG_CMD_ASKENV * ask for env variable
CONFIG_CMD_BDI bdinfo
CONFIG_CMD_BEDBUG * Include BedBug Debugger
diff --git a/common/Makefile b/common/Makefile
index e2ff0cb..c49a0af 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o
obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
# command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
obj-$(CONFIG_SOURCE) += cmd_source.o
obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
diff --git a/common/cmd_aes.c b/common/cmd_aes.c
new file mode 100644
index 0000000..76da3ef
--- /dev/null
+++ b/common/cmd_aes.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+ uint32_t key_addr, src_addr, dst_addr, len;
+ uint8_t *key_ptr, *src_ptr, *dst_ptr;
+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+ uint32_t aes_blocks;
+ int enc;
+
+ if (argc != 6)
+ return CMD_RET_USAGE;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ key_addr = simple_strtoul(argv[2], NULL, 16);
+ src_addr = simple_strtoul(argv[3], NULL, 16);
+ dst_addr = simple_strtoul(argv[4], NULL, 16);
+ len = simple_strtoul(argv[5], NULL, 16);
+
+ key_ptr = (uint8_t *)key_addr;
+ src_ptr = (uint8_t *)src_addr;
+ dst_ptr = (uint8_t *)dst_addr;
+
+ /* First we expand the key. */
+ aes_expand_key(key_ptr, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+ if (enc)
+ aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+ else
+ aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+ return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+ "enc key src dst len - Encrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.\n"
+ "aes dec key src dst len - Decrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+ aes, 6, 1, do_aes,
+ "AES 128 CBC encryption",
+ aes_help_text
+);