[U-Boot] [PATCH 4/4] aes: Add 'aes' command to access AES-128-CBC

[Marek Vasut <marex@denx.de>]

Add simple 'aes' command, which allows using the AES-128-CBC encryption
and decryption functions from U-Boot command line.

Signed-off-by: Marek Vasut <marex@denx.de>
---
 README           |  1 +
 common/Makefile  |  1 +
 common/cmd_aes.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 91 insertions(+)
 create mode 100644 common/cmd_aes.c

diff --git a/README b/README
index fe48ccd..770113d 100644
--- a/README
+++ b/README
@@ -895,6 +895,7 @@ The following options need to be configured:
 		The default command configuration includes all commands
 		except those marked below with a "*".
 
+		CONFIG_CMD_AES		  AES 128 CBC encrypt/decrypt
 		CONFIG_CMD_ASKENV	* ask for env variable
 		CONFIG_CMD_BDI		  bdinfo
 		CONFIG_CMD_BEDBUG	* Include BedBug Debugger
diff --git a/common/Makefile b/common/Makefile
index a83246e..2879304 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o
 obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o
 
 # command
+obj-$(CONFIG_CMD_AES) += cmd_aes.o
 obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o
 obj-$(CONFIG_SOURCE) += cmd_source.o
 obj-$(CONFIG_CMD_SOURCE) += cmd_source.o
diff --git a/common/cmd_aes.c b/common/cmd_aes.c
new file mode 100644
index 0000000..76da3ef
--- /dev/null
+++ b/common/cmd_aes.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ *
+ * Command for en/de-crypting block of memory with AES-128-CBC cipher.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <aes.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp:	Command data struct pointer
+ * @flag:	Command flag
+ * @argc:	Command-line argument count
+ * @argv:	Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+	uint32_t key_addr, src_addr, dst_addr, len;
+	uint8_t *key_ptr, *src_ptr, *dst_ptr;
+	uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+	uint32_t aes_blocks;
+	int enc;
+
+	if (argc != 6)
+		return CMD_RET_USAGE;
+
+	if (!strncmp(argv[1], "enc", 3))
+		enc = 1;
+	else if (!strncmp(argv[1], "dec", 3))
+		enc = 0;
+	else
+		return CMD_RET_USAGE;
+
+	key_addr = simple_strtoul(argv[2], NULL, 16);
+	src_addr = simple_strtoul(argv[3], NULL, 16);
+	dst_addr = simple_strtoul(argv[4], NULL, 16);
+	len = simple_strtoul(argv[5], NULL, 16);
+
+	key_ptr = (uint8_t *)key_addr;
+	src_ptr = (uint8_t *)src_addr;
+	dst_ptr = (uint8_t *)dst_addr;
+
+	/* First we expand the key. */
+	aes_expand_key(key_ptr, key_exp);
+
+	/* Calculate the number of AES blocks to encrypt. */
+	aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+	if (enc)
+		aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+	else
+		aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks);
+
+	return 0;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char aes_help_text[] =
+	"enc key src dst len - Encrypt block of data $len bytes long\n"
+	"                          at address $src using a key at address\n"
+	"                          $key and store the result at address\n"
+	"                          $dst. The $len size must be multiple of\n"
+	"                          16 bytes and $key must be 16 bytes long.\n"
+	"aes dec key src dst len - Decrypt block of data $len bytes long\n"
+	"                          at address $src using a key at address\n"
+	"                          $key and store the result at address\n"
+	"                          $dst. The $len size must be multiple of\n"
+	"                          16 bytes and $key must be 16 bytes long.";
+#endif
+
+U_BOOT_CMD(
+	aes, 6, 1, do_aes,
+	"AES 128 CBC encryption",
+	aes_help_text
+);
-- 
1.8.5.3