u-boot/cmd/aes.c

// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (C) 2014 Marek Vasut <marex@denx.de>
 *
 * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
 */

#include <common.h>
#include <command.h>
#include <uboot_aes.h>
#include <malloc.h>
#include <asm/byteorder.h>
#include <linux/compiler.h>
#include <mapmem.h>

u32 aes_get_key_len(char *command)
{
	u32 key_len = AES128_KEY_LENGTH;

	if (!strcmp(command, "aes.192"))
		key_len = AES192_KEY_LENGTH;
	else if (!strcmp(command, "aes.256"))
		key_len = AES256_KEY_LENGTH;

	return key_len;
}

/**
 * do_aes() - Handle the "aes" command-line command
 * @cmdtp:	Command data struct pointer
 * @flag:	Command flag
 * @argc:	Command-line argument count
 * @argv:	Array of command-line arguments
 *
 * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
 * on error.
 */
static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
{
	uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
	uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
	u8 key_exp[AES256_EXPAND_KEY_LENGTH];
	u32 aes_blocks, key_len;
	int enc;

	if (argc != 7)
		return CMD_RET_USAGE;

	key_len = aes_get_key_len(argv[0]);

	if (!strncmp(argv[1], "enc", 3))
		enc = 1;
	else if (!strncmp(argv[1], "dec", 3))
		enc = 0;
	else
		return CMD_RET_USAGE;

	key_addr = simple_strtoul(argv[2], NULL, 16);
	iv_addr = simple_strtoul(argv[3], NULL, 16);
	src_addr = simple_strtoul(argv[4], NULL, 16);
	dst_addr = simple_strtoul(argv[5], NULL, 16);
	len = simple_strtoul(argv[6], NULL, 16);

	key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
	iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8);
	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);

	/* First we expand the key. */
	aes_expand_key(key_ptr, key_len, key_exp);

	/* Calculate the number of AES blocks to encrypt. */
	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);

	if (enc)
		aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
				       dst_ptr, aes_blocks);
	else
		aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,
				       dst_ptr, aes_blocks);

	unmap_sysmem(key_ptr);
	unmap_sysmem(iv_ptr);
	unmap_sysmem(src_ptr);
	unmap_sysmem(dst_ptr);

	return 0;
}

/***************************************************/
#ifdef CONFIG_SYS_LONGHELP
static char aes_help_text[] =
	"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
	"                             at address $src using a key at address\n"
	"                             $key with initialization vector at address\n"
	"                             $iv. Store the result at address $dst.\n"
	"                             The $len size must be multiple of 16 bytes.\n"
	"                             The $key and $iv must be 16 bytes long.\n"
	"aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"
	"                             at address $src using a key at address\n"
	"                             $key with initialization vector at address\n"
	"                             $iv. Store the result at address $dst.\n"
	"                             The $len size must be multiple of 16 bytes.\n"
	"                             The $key and $iv must be 16 bytes long.";
#endif

U_BOOT_CMD(
	aes, 7, 1, do_aes,
	"AES 128/192/256 CBC encryption",
	aes_help_text
);
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 2018-05-06 21:58:06 +00:00			`// SPDX-License-Identifier: GPL-2.0+`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`/*`
			`* Copyright (C) 2014 Marek Vasut <marex@denx.de>`
			`*`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`* Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`*/`

			`#include <common.h>`
			`#include <command.h>`
Rename aes.h to uboot_aes.h aes.h is a too generic name if this file can be exported and used by a program. Rename it to avoid any conflicts with other files (for example, from openSSL). Signed-off-by: Stefano Babic <sbabic@denx.de> 2017-04-05 16:08:00 +00:00			`#include <uboot_aes.h>`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`#include <malloc.h>`
			`#include <asm/byteorder.h>`
			`#include <linux/compiler.h>`
cmd: aes: use map_sysmem when accessing memory The aes command used to segfault when accessing memory in sandbox. The pointer accesses should be mapped. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 2019-09-24 09:32:29 +00:00			`#include <mapmem.h>`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`u32 aes_get_key_len(char *command)`
			`{`
			`u32 key_len = AES128_KEY_LENGTH;`

			`if (!strcmp(command, "aes.192"))`
			`key_len = AES192_KEY_LENGTH;`
			`else if (!strcmp(command, "aes.256"))`
			`key_len = AES256_KEY_LENGTH;`

			`return key_len;`
			`}`

aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`/**`
			`* do_aes() - Handle the "aes" command-line command`
			`* @cmdtp: Command data struct pointer`
			`* @flag: Command flag`
			`* @argc: Command-line argument count`
			`* @argv: Array of command-line arguments`
			`*`
			`* Returns zero on success, CMD_RET_USAGE in case of misuse and negative`
			`* on error.`
			`*/`
			`static int do_aes(cmd_tbl_t cmdtp, int flag, int argc, char const argv[])`
			`{`
aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> 2018-01-03 12:43:56 +00:00			`uint32_t key_addr, iv_addr, src_addr, dst_addr, len;`
			`uint8_t key_ptr, iv_ptr, src_ptr, dst_ptr;`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`u8 key_exp[AES256_EXPAND_KEY_LENGTH];`
			`u32 aes_blocks, key_len;`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`int enc;`

aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> 2018-01-03 12:43:56 +00:00			`if (argc != 7)`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`return CMD_RET_USAGE;`

aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`key_len = aes_get_key_len(argv[0]);`

aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`if (!strncmp(argv[1], "enc", 3))`
			`enc = 1;`
			`else if (!strncmp(argv[1], "dec", 3))`
			`enc = 0;`
			`else`
			`return CMD_RET_USAGE;`

			`key_addr = simple_strtoul(argv[2], NULL, 16);`
aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> 2018-01-03 12:43:56 +00:00			`iv_addr = simple_strtoul(argv[3], NULL, 16);`
			`src_addr = simple_strtoul(argv[4], NULL, 16);`
			`dst_addr = simple_strtoul(argv[5], NULL, 16);`
			`len = simple_strtoul(argv[6], NULL, 16);`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);`
cmd: aes: use map_sysmem when accessing memory The aes command used to segfault when accessing memory in sandbox. The pointer accesses should be mapped. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 2019-09-24 09:32:29 +00:00			`iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8);`
			`src_ptr = (uint8_t *)map_sysmem(src_addr, len);`
			`dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00
			`/* First we expand the key. */`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`aes_expand_key(key_ptr, key_len, key_exp);`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00
			`/* Calculate the number of AES blocks to encrypt. */`
aes: add a define for the size of a block In the code, we use the size of the key for the size of the block. It's true when the key is 128 bits, but it become false for key of 192 bits and 256 bits. So to prepare the support of aes192 and 256, we introduce a constant for the iaes block size. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:34 +00:00			`aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00
			`if (enc)`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,`
			`dst_ptr, aes_blocks);`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`else`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr,`
			`dst_ptr, aes_blocks);`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00
cmd: aes: use map_sysmem when accessing memory The aes command used to segfault when accessing memory in sandbox. The pointer accesses should be mapped. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 2019-09-24 09:32:29 +00:00			`unmap_sysmem(key_ptr);`
			`unmap_sysmem(iv_ptr);`
			`unmap_sysmem(src_ptr);`
			`unmap_sysmem(dst_ptr);`

aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`return 0;`
			`}`

			`/***************************************************/`
			`#ifdef CONFIG_SYS_LONGHELP`
			`static char aes_help_text[] =`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"`
aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> 2018-01-03 12:43:56 +00:00			`" at address $src using a key at address\n"`
			`" $key with initialization vector at address\n"`
			`" $iv. Store the result at address $dst.\n"`
			`" The $len size must be multiple of 16 bytes.\n"`
			`" The $key and $iv must be 16 bytes long.\n"`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`"aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"`
aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> 2018-01-03 12:43:56 +00:00			`" at address $src using a key at address\n"`
			`" $key with initialization vector at address\n"`
			`" $iv. Store the result at address $dst.\n"`
			`" The $len size must be multiple of 16 bytes.\n"`
			`" The $key and $iv must be 16 bytes long.";`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`#endif`

			`U_BOOT_CMD(`
aes: Allow non-zero initialization vector AES encryption in CBC mode, in most cases, must be used with random initialization vector. Using the same key and initialization vector several times is weak and must be avoided. Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks functions for passing initialization vector. Command 'aes' now also require the initialization vector parameter. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> 2018-01-03 12:43:56 +00:00			`aes, 7, 1, do_aes,`
aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> 2020-01-06 14:22:35 +00:00			`"AES 128/192/256 CBC encryption",`
aes: Add 'aes' command to access AES-128-CBC Add simple 'aes' command, which allows using the AES-128-CBC encryption and decryption functions from U-Boot command line. Signed-off-by: Marek Vasut <marex@denx.de> 2014-03-05 18:58:39 +00:00			`aes_help_text`
			`);`