/* * Copyright (C) 2014 Marek Vasut * * Command for en/de-crypting block of memory with AES-128-CBC cipher. * * SPDX-License-Identifier: GPL-2.0+ */ #include #include #include #include #include #include #include #include #include DECLARE_GLOBAL_DATA_PTR; #ifdef CONFIG_CMD_AES_256 enum tz_crypto_service_aes_cmd_t { TZ_CRYPTO_SERVICE_AES_ENC_ID = 0x7, TZ_CRYPTO_SERVICE_AES_DEC_ID = 0x8, }; enum tz_crypto_service_aes_type_t { TZ_CRYPTO_SERVICE_AES_SHK = 0x1, TZ_CRYPTO_SERVICE_AES_PHK = 0x2, TZ_CRYPTO_SERVICE_AES_TYPE_MAX, }; enum tz_crypto_service_aes_mode_t { TZ_CRYPTO_SERVICE_AES_ECB = 0x0, TZ_CRYPTO_SERVICE_AES_CBC = 0x1, TZ_CRYPTO_SERVICE_AES_MODE_MAX, }; struct crypto_aes_req_data_t { uint64_t type; uint64_t mode; uint64_t req_buf; uint64_t req_len; uint64_t ivdata; uint64_t iv_len; uint64_t resp_buf; uint64_t resp_len; }; /** * do_aes_256() - Handle the "aes" command-line command * @cmdtp: Command data struct pointer * @flag: Command flag * @argc: Command-line argument count * @argv: Array of command-line arguments * * Returns zero on success, CMD_RET_USAGE in case of misuse and negative * on error. */ static int do_aes_256(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { uint64_t src_addr, dst_addr, ivdata; uint64_t req_len, iv_len, resp_len, type, mode; struct crypto_aes_req_data_t *req_ptr = NULL; int cmd_id = -1; int ret = CMD_RET_USAGE; if (argc != 10) return ret; if (!strncmp(argv[1], "enc", 3)) cmd_id = TZ_CRYPTO_SERVICE_AES_ENC_ID; else if (!strncmp(argv[1], "dec", 3)) cmd_id = TZ_CRYPTO_SERVICE_AES_DEC_ID; else return ret; type = simple_strtoul(argv[2], NULL, 16); if (type >= TZ_CRYPTO_SERVICE_AES_TYPE_MAX) { printf("unkown type specified, use 0x1 - SHK, 0x2 - PHK\n"); goto err; } mode = simple_strtoul(argv[3], NULL, 16); if (mode >= TZ_CRYPTO_SERVICE_AES_MODE_MAX) { printf("unkown mode specified, use 0x0 - ECB, 0x1 - CBC\n"); goto err; } src_addr = simple_strtoull(argv[4], NULL, 16); req_len = simple_strtoul(argv[5], NULL, 16); if (req_len <= 0 || (req_len % 16) != 0) { printf("Invalid request buffer length, length " "should be multiple of AES block size (16)\n"); goto err; } ivdata = simple_strtoull(argv[6], NULL, 16); iv_len = simple_strtoul(argv[7], NULL, 16); if (iv_len != 16) { printf("Error: iv length should be equal to AES block size (16)\n"); goto err; } dst_addr = simple_strtoull(argv[8], NULL, 16); resp_len = simple_strtoul(argv[9], NULL, 16); if (resp_len < req_len) { printf("Error: response buffer cannot be less then request buffer\n"); goto err; } req_ptr = (struct crypto_aes_req_data_t *)memalign(ARCH_DMA_MINALIGN, sizeof(struct crypto_aes_req_data_t)); if (!req_ptr) { printf("Error allocating memory"); return -ENOMEM; } req_ptr->type = type; req_ptr->mode = mode; req_ptr->req_buf = (uint64_t)src_addr; req_ptr->req_len = req_len; req_ptr->ivdata = (mode == TZ_CRYPTO_SERVICE_AES_CBC) ? (uint64_t)ivdata : 0; req_ptr->iv_len = iv_len; req_ptr->resp_buf = (uint64_t)dst_addr; req_ptr->resp_len = resp_len; ret = qca_scm_crypto(cmd_id, (void *)req_ptr, sizeof(struct crypto_aes_req_data_t)); if (req_ptr) free(req_ptr); if (ret) { printf("Scm call failed with error code: %d\n", ret); return ret; } return 0; err: if (req_ptr) free(req_ptr); return CMD_RET_USAGE; } /***************************************************/ U_BOOT_CMD( aes_256, 10, 1, do_aes_256, "AES 256 CBC/ECB encryption/decryption", "Encryption: echo enc " " " "Decryption: echo dec " ); #endif #ifdef CONFIG_CMD_AES_128 /** * do_aes() - Handle the "aes" command-line command * @cmdtp: Command data struct pointer * @flag: Command flag * @argc: Command-line argument count * @argv: Array of command-line arguments * * Returns zero on success, CMD_RET_USAGE in case of misuse and negative * on error. */ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { uint32_t key_addr, src_addr, dst_addr, len; uint8_t *key_ptr, *src_ptr, *dst_ptr; uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; uint32_t aes_blocks; int enc; if (argc != 6) return CMD_RET_USAGE; if (!strncmp(argv[1], "enc", 3)) enc = 1; else if (!strncmp(argv[1], "dec", 3)) enc = 0; else return CMD_RET_USAGE; key_addr = simple_strtoul(argv[2], NULL, 16); src_addr = simple_strtoul(argv[3], NULL, 16); dst_addr = simple_strtoul(argv[4], NULL, 16); len = simple_strtoul(argv[5], NULL, 16); key_ptr = (uint8_t *)key_addr; src_ptr = (uint8_t *)src_addr; dst_ptr = (uint8_t *)dst_addr; /* First we expand the key. */ aes_expand_key(key_ptr, key_exp); /* Calculate the number of AES blocks to encrypt. */ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); if (enc) aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); else aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); return 0; } /***************************************************/ #ifdef CONFIG_SYS_LONGHELP static char aes_help_text[] = "enc key src dst len - Encrypt block of data $len bytes long\n" " at address $src using a key at address\n" " $key and store the result at address\n" " $dst. The $len size must be multiple of\n" " 16 bytes and $key must be 16 bytes long.\n" "aes dec key src dst len - Decrypt block of data $len bytes long\n" " at address $src using a key at address\n" " $key and store the result at address\n" " $dst. The $len size must be multiple of\n" " 16 bytes and $key must be 16 bytes long."; #endif U_BOOT_CMD( aes, 6, 1, do_aes, "AES 128 CBC encryption", aes_help_text ); #endif