1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2014 Marek Vasut <marex@denx.de>
4 *
5 * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
6 */
7
8#include <common.h>
9#include <command.h>
10#include <uboot_aes.h>
11#include <malloc.h>
12#include <asm/byteorder.h>
13#include <linux/compiler.h>
14#include <mapmem.h>
15
16u32 aes_get_key_len(char *command)
17{
18	u32 key_len = AES128_KEY_LENGTH;
19
20	if (!strcmp(command, "aes.192"))
21		key_len = AES192_KEY_LENGTH;
22	else if (!strcmp(command, "aes.256"))
23		key_len = AES256_KEY_LENGTH;
24
25	return key_len;
26}
27
28/**
29 * do_aes() - Handle the "aes" command-line command
30 * @cmdtp:	Command data struct pointer
31 * @flag:	Command flag
32 * @argc:	Command-line argument count
33 * @argv:	Array of command-line arguments
34 *
35 * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
36 * on error.
37 */
38static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
39{
40	uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
41	uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
42	u8 key_exp[AES256_EXPAND_KEY_LENGTH];
43	u32 aes_blocks, key_len;
44	int enc;
45
46	if (argc != 7)
47		return CMD_RET_USAGE;
48
49	key_len = aes_get_key_len(argv[0]);
50
51	if (!strncmp(argv[1], "enc", 3))
52		enc = 1;
53	else if (!strncmp(argv[1], "dec", 3))
54		enc = 0;
55	else
56		return CMD_RET_USAGE;
57
58	key_addr = hextoul(argv[2], NULL);
59	iv_addr = hextoul(argv[3], NULL);
60	src_addr = hextoul(argv[4], NULL);
61	dst_addr = hextoul(argv[5], NULL);
62	len = hextoul(argv[6], NULL);
63
64	key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
65	iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8);
66	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
67	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
68
69	/* First we expand the key. */
70	aes_expand_key(key_ptr, key_len, key_exp);
71
72	/* Calculate the number of AES blocks to encrypt. */
73	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
74
75	if (enc)
76		aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
77				       dst_ptr, aes_blocks);
78	else
79		aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
80				       dst_ptr, aes_blocks);
81
82	unmap_sysmem(key_ptr);
83	unmap_sysmem(iv_ptr);
84	unmap_sysmem(src_ptr);
85	unmap_sysmem(dst_ptr);
86
87	return 0;
88}
89
90/***************************************************/
91U_BOOT_LONGHELP(aes,
92	"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
93	"                             at address $src using a key at address\n"
94	"                             $key with initialization vector at address\n"
95	"                             $iv. Store the result at address $dst.\n"
96	"                             The $len size must be multiple of 16 bytes.\n"
97	"                             The $key and $iv must be 16 bytes long.\n"
98	"aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"
99	"                             at address $src using a key at address\n"
100	"                             $key with initialization vector at address\n"
101	"                             $iv. Store the result at address $dst.\n"
102	"                             The $len size must be multiple of 16 bytes.\n"
103	"                             The $key and $iv must be 16 bytes long.");
104
105U_BOOT_CMD(
106	aes, 7, 1, do_aes,
107	"AES 128/192/256 CBC encryption",
108	aes_help_text
109);
110