diff options
author | Marek Vasut <marex@denx.de> | 2014-03-05 19:58:39 +0100 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2014-03-21 16:43:58 -0400 |
commit | b401b73d02bb4f97197830e565f19a65577fecc6 (patch) | |
tree | 4382f7da81b2d4c594d5a5c8d60f23b2e5c25f2f /common | |
parent | dc24bb6ddb416db52a60165931c0864fdba1f60b (diff) | |
download | u-boot-imx-b401b73d02bb4f97197830e565f19a65577fecc6.zip u-boot-imx-b401b73d02bb4f97197830e565f19a65577fecc6.tar.gz u-boot-imx-b401b73d02bb4f97197830e565f19a65577fecc6.tar.bz2 |
aes: Add 'aes' command to access AES-128-CBC
Add simple 'aes' command, which allows using the AES-128-CBC encryption
and decryption functions from U-Boot command line.
Signed-off-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'common')
-rw-r--r-- | common/Makefile | 1 | ||||
-rw-r--r-- | common/cmd_aes.c | 89 |
2 files changed, 90 insertions, 0 deletions
diff --git a/common/Makefile b/common/Makefile index e2ff0cb..c49a0af 100644 --- a/common/Makefile +++ b/common/Makefile @@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o # command +obj-$(CONFIG_CMD_AES) += cmd_aes.o obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o obj-$(CONFIG_SOURCE) += cmd_source.o obj-$(CONFIG_CMD_SOURCE) += cmd_source.o diff --git a/common/cmd_aes.c b/common/cmd_aes.c new file mode 100644 index 0000000..76da3ef --- /dev/null +++ b/common/cmd_aes.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2014 Marek Vasut <marex@denx.de> + * + * Command for en/de-crypting block of memory with AES-128-CBC cipher. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <command.h> +#include <environment.h> +#include <aes.h> +#include <malloc.h> +#include <asm/byteorder.h> +#include <linux/compiler.h> + +DECLARE_GLOBAL_DATA_PTR; + +/** + * do_aes() - Handle the "aes" command-line command + * @cmdtp: Command data struct pointer + * @flag: Command flag + * @argc: Command-line argument count + * @argv: Array of command-line arguments + * + * Returns zero on success, CMD_RET_USAGE in case of misuse and negative + * on error. + */ +static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) +{ + uint32_t key_addr, src_addr, dst_addr, len; + uint8_t *key_ptr, *src_ptr, *dst_ptr; + uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; + uint32_t aes_blocks; + int enc; + + if (argc != 6) + return CMD_RET_USAGE; + + if (!strncmp(argv[1], "enc", 3)) + enc = 1; + else if (!strncmp(argv[1], "dec", 3)) + enc = 0; + else + return CMD_RET_USAGE; + + key_addr = simple_strtoul(argv[2], NULL, 16); + src_addr = simple_strtoul(argv[3], NULL, 16); + dst_addr = simple_strtoul(argv[4], NULL, 16); + len = simple_strtoul(argv[5], NULL, 16); + + key_ptr = (uint8_t *)key_addr; + src_ptr = (uint8_t *)src_addr; + dst_ptr = (uint8_t *)dst_addr; + + /* First we expand the key. */ + aes_expand_key(key_ptr, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + + if (enc) + aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + + return 0; +} + +/***************************************************/ +#ifdef CONFIG_SYS_LONGHELP +static char aes_help_text[] = + "enc key src dst len - Encrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key and store the result at address\n" + " $dst. The $len size must be multiple of\n" + " 16 bytes and $key must be 16 bytes long.\n" + "aes dec key src dst len - Decrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key and store the result at address\n" + " $dst. The $len size must be multiple of\n" + " 16 bytes and $key must be 16 bytes long."; +#endif + +U_BOOT_CMD( + aes, 6, 1, do_aes, + "AES 128 CBC encryption", + aes_help_text +); |