[U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC
Marek Vasut
marex at denx.de
Wed Mar 5 19:58:39 CET 2014
Add simple 'aes' command, which allows using the AES-128-CBC encryption
and decryption functions from U-Boot command line.
Signed-off-by: Marek Vasut <marex at denx.de>
---
README | 1 +
common/Makefile | 1 +
common/cmd_aes.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 91 insertions(+)
create mode 100644 common/cmd_aes.c
diff --git a/README b/README
index 216f0c7..fd717bf 100644
--- a/README
+++ b/README
@@ -910,6 +910,7 @@ The following options need to be configured:
The default command configuration includes all commands
except those marked below with a "*".
+ CONFIG_CMD_AES AES 128 CBC encrypt/decrypt
CONFIG_CMD_ASKENV * ask for env variable
CONFIG_CMD_BDI bdinfo
CONFIG_CMD_BEDBUG * Include BedBug Debugger
diff --git a/common/Makefile b/common/Makefile
index 04e9cdd..622f7bb 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o
obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
# command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
obj-$(CONFIG_SOURCE) += cmd_source.o
obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
diff --git a/common/cmd_aes.c b/common/cmd_aes.c
new file mode 100644
index 0000000..76da3ef
--- /dev/null
+++ b/common/cmd_aes.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014 Marek Vasut <marex at denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+ uint32_t key_addr, src_addr, dst_addr, len;
+ uint8_t *key_ptr, *src_ptr, *dst_ptr;
+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+ uint32_t aes_blocks;
+ int enc;
+
+ if (argc != 6)
+ return CMD_RET_USAGE;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ key_addr = simple_strtoul(argv[2], NULL, 16);
+ src_addr = simple_strtoul(argv[3], NULL, 16);
+ dst_addr = simple_strtoul(argv[4], NULL, 16);
+ len = simple_strtoul(argv[5], NULL, 16);
+
+ key_ptr = (uint8_t *)key_addr;
+ src_ptr = (uint8_t *)src_addr;
+ dst_ptr = (uint8_t *)dst_addr;
+
+ /* First we expand the key. */
+ aes_expand_key(key_ptr, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+ if (enc)
+ aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+ else
+ aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+ return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+ "enc key src dst len - Encrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.\n"
+ "aes dec key src dst len - Decrypt block of data $len bytes long\n"
+ " at address $src using a key at address\n"
+ " $key and store the result at address\n"
+ " $dst. The $len size must be multiple of\n"
+ " 16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+ aes, 6, 1, do_aes,
+ "AES 128 CBC encryption",
+ aes_help_text
+);
--
1.8.5.2
More information about the U-Boot
mailing list