1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * Copyright (C) 2014 Marek Vasut <marex@denx.de> 4 * 5 * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher. 6 */ 7 8#include <common.h> 9#include <command.h> 10#include <uboot_aes.h> 11#include <malloc.h> 12#include <asm/byteorder.h> 13#include <linux/compiler.h> 14#include <mapmem.h> 15 16u32 aes_get_key_len(char *command) 17{ 18 u32 key_len = AES128_KEY_LENGTH; 19 20 if (!strcmp(command, "aes.192")) 21 key_len = AES192_KEY_LENGTH; 22 else if (!strcmp(command, "aes.256")) 23 key_len = AES256_KEY_LENGTH; 24 25 return key_len; 26} 27 28/** 29 * do_aes() - Handle the "aes" command-line command 30 * @cmdtp: Command data struct pointer 31 * @flag: Command flag 32 * @argc: Command-line argument count 33 * @argv: Array of command-line arguments 34 * 35 * Returns zero on success, CMD_RET_USAGE in case of misuse and negative 36 * on error. 37 */ 38static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) 39{ 40 uint32_t key_addr, iv_addr, src_addr, dst_addr, len; 41 uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr; 42 u8 key_exp[AES256_EXPAND_KEY_LENGTH]; 43 u32 aes_blocks, key_len; 44 int enc; 45 46 if (argc != 7) 47 return CMD_RET_USAGE; 48 49 key_len = aes_get_key_len(argv[0]); 50 51 if (!strncmp(argv[1], "enc", 3)) 52 enc = 1; 53 else if (!strncmp(argv[1], "dec", 3)) 54 enc = 0; 55 else 56 return CMD_RET_USAGE; 57 58 key_addr = hextoul(argv[2], NULL); 59 iv_addr = hextoul(argv[3], NULL); 60 src_addr = hextoul(argv[4], NULL); 61 dst_addr = hextoul(argv[5], NULL); 62 len = hextoul(argv[6], NULL); 63 64 key_ptr = (uint8_t *)map_sysmem(key_addr, key_len); 65 iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8); 66 src_ptr = (uint8_t *)map_sysmem(src_addr, len); 67 dst_ptr = (uint8_t *)map_sysmem(dst_addr, len); 68 69 /* First we expand the key. */ 70 aes_expand_key(key_ptr, key_len, key_exp); 71 72 /* Calculate the number of AES blocks to encrypt. */ 73 aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH); 74 75 if (enc) 76 aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr, 77 dst_ptr, aes_blocks); 78 else 79 aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr, 80 dst_ptr, aes_blocks); 81 82 unmap_sysmem(key_ptr); 83 unmap_sysmem(iv_ptr); 84 unmap_sysmem(src_ptr); 85 unmap_sysmem(dst_ptr); 86 87 return 0; 88} 89 90/***************************************************/ 91U_BOOT_LONGHELP(aes, 92 "[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n" 93 " at address $src using a key at address\n" 94 " $key with initialization vector at address\n" 95 " $iv. Store the result at address $dst.\n" 96 " The $len size must be multiple of 16 bytes.\n" 97 " The $key and $iv must be 16 bytes long.\n" 98 "aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n" 99 " at address $src using a key at address\n" 100 " $key with initialization vector at address\n" 101 " $iv. Store the result at address $dst.\n" 102 " The $len size must be multiple of 16 bytes.\n" 103 " The $key and $iv must be 16 bytes long."); 104 105U_BOOT_CMD( 106 aes, 7, 1, do_aes, 107 "AES 128/192/256 CBC encryption", 108 aes_help_text 109); 110