aes: Add 'aes' command to access AES-128-CBC
authorMarek Vasut <marex@denx.de>
Wed, 5 Mar 2014 18:58:39 +0000 (19:58 +0100)
committerTom Rini <trini@ti.com>
Fri, 21 Mar 2014 20:43:58 +0000 (16:43 -0400)
Add simple 'aes' command, which allows using the AES-128-CBC encryption
and decryption functions from U-Boot command line.

Signed-off-by: Marek Vasut <marex@denx.de>
README
common/Makefile
common/cmd_aes.c [new file with mode: 0644]

diff --git a/README b/README
index 216f0c70aa9403534127dcd256627fa55e12f08e..fd717bf085fab6a44b4a41c7b833e978cbaed897 100644 (file)
--- a/README
+++ b/README
@@ -910,6 +910,7 @@ The following options need to be configured:
                The default command configuration includes all commands
                except those marked below with a "*".
 
+               CONFIG_CMD_AES            AES 128 CBC encrypt/decrypt
                CONFIG_CMD_ASKENV       * ask for env variable
                CONFIG_CMD_BDI            bdinfo
                CONFIG_CMD_BEDBUG       * Include BedBug Debugger
index e2ff0cb57d64e623c336b3ba5f30e144071b2b7a..c49a0af28d5c86000941b0957f937cf131d3cdf2 100644 (file)
@@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o
 obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
 
 # command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
 obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
 obj-$(CONFIG_SOURCE) += cmd_source.o
 obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
diff --git a/common/cmd_aes.c b/common/cmd_aes.c
new file mode 100644 (file)
index 0000000..76da3ef
--- /dev/null
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier:    GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp:     Command data struct pointer
+ * @flag:      Command flag
+ * @argc:      Command-line argument count
+ * @argv:      Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+       uint32_t key_addr, src_addr, dst_addr, len;
+       uint8_t *key_ptr, *src_ptr, *dst_ptr;
+       uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+       uint32_t aes_blocks;
+       int enc;
+
+       if (argc != 6)
+               return CMD_RET_USAGE;
+
+       if (!strncmp(argv[1], "enc", 3))
+               enc = 1;
+       else if (!strncmp(argv[1], "dec", 3))
+               enc = 0;
+       else
+               return CMD_RET_USAGE;
+
+       key_addr = simple_strtoul(argv[2], NULL, 16);
+       src_addr = simple_strtoul(argv[3], NULL, 16);
+       dst_addr = simple_strtoul(argv[4], NULL, 16);
+       len = simple_strtoul(argv[5], NULL, 16);
+
+       key_ptr = (uint8_t *)key_addr;
+       src_ptr = (uint8_t *)src_addr;
+       dst_ptr = (uint8_t *)dst_addr;
+
+       /* First we expand the key. */
+       aes_expand_key(key_ptr, key_exp);
+
+       /* Calculate the number of AES blocks to encrypt. */
+       aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+       if (enc)
+               aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+       else
+               aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+       return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+       "enc key src dst len - Encrypt block of data $len bytes long\n"
+       "                          at address $src using a key at address\n"
+       "                          $key and store the result at address\n"
+       "                          $dst. The $len size must be multiple of\n"
+       "                          16 bytes and $key must be 16 bytes long.\n"
+       "aes dec key src dst len - Decrypt block of data $len bytes long\n"
+       "                          at address $src using a key at address\n"
+       "                          $key and store the result at address\n"
+       "                          $dst. The $len size must be multiple of\n"
+       "                          16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+       aes, 6, 1, do_aes,
+       "AES 128 CBC encryption",
+       aes_help_text
+);