From: Siva Durga Prasad Paladugu siva.durga.paladugu@xilinx.com
Extend aes command to use hw engine for decryption if available in hardware.
Signed-off-by: Siva Durga Prasad Paladugu sivadur@xilinx.com Signed-off-by: Michal Simek michal.simek@xilinx.com ---
cmd/aes.c | 55 +++++++++++++++++++++++++++++++++++------------------ include/uboot_aes.h | 10 ++++++++++ 2 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/cmd/aes.c b/cmd/aes.c index ee1ae13c06ec..48835129658e 100644 --- a/cmd/aes.c +++ b/cmd/aes.c @@ -16,6 +16,11 @@
DECLARE_GLOBAL_DATA_PTR;
+__weak int aes_decrypt_hw(u8 *key_ptr, u8 *src_ptr, u8 *dst_ptr, u32 len) +{ + return 0; +} + /** * do_aes() - Handle the "aes" command-line command * @cmdtp: Command data struct pointer @@ -33,8 +38,9 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; uint32_t aes_blocks; int enc; + bool use_hw = false;
- if (argc != 6) + if (argc < 6 || argc > 7) return CMD_RET_USAGE;
if (!strncmp(argv[1], "enc", 3)) @@ -49,21 +55,31 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) dst_addr = simple_strtoul(argv[4], NULL, 16); len = simple_strtoul(argv[5], NULL, 16);
- key_ptr = (uint8_t *)key_addr; - src_ptr = (uint8_t *)src_addr; - dst_ptr = (uint8_t *)dst_addr; + if (argc == 7) + if (!strncmp(argv[6], "hw", 2)) + use_hw = true;
- /* First we expand the key. */ - aes_expand_key(key_ptr, key_exp); + key_ptr = (uint8_t *)(uintptr_t)key_addr; + src_ptr = (uint8_t *)(uintptr_t)src_addr; + dst_ptr = (uint8_t *)(uintptr_t)dst_addr;
- /* Calculate the number of AES blocks to encrypt. */ - aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + if (use_hw) { + if (!enc) + aes_decrypt_hw(key_ptr, src_ptr, dst_ptr, len); + } else { + /* First we expand the key. */ + aes_expand_key(key_ptr, key_exp);
- if (enc) - aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); - else - aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+ if (enc) + aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, + aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, + aes_blocks); + } return 0; }
@@ -75,15 +91,18 @@ static char aes_help_text[] = " $key and store the result at address\n" " $dst. The $len size must be multiple of\n" " 16 bytes and $key must be 16 bytes long.\n" - "aes dec key src dst len - Decrypt block of data $len bytes long\n" - " at address $src using a key at address\n" - " $key and store the result at address\n" - " $dst. The $len size must be multiple of\n" - " 16 bytes and $key must be 16 bytes long."; + "aes dec key src dst len [hw] - Decrypt block of data $len bytes\n" + " long at address $src using a key at\n" + " address $key and store the result at\n" + " address $dst. The $len size must be\n" + " multiple of 16 bytes and $key must be\n" + " 16 bytes long. The optional hw flag\n" + " specifies to used hardware engine if\n" + " supports\n"; #endif
U_BOOT_CMD( - aes, 6, 1, do_aes, + aes, 7, 1, do_aes, "AES 128 CBC encryption", aes_help_text ); diff --git a/include/uboot_aes.h b/include/uboot_aes.h index 6315c02aa93d..5198bb98d076 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -91,4 +91,14 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks); */ void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *src, u8 *dst, u32 num_aes_blocks);
+/** + * Decrypt the image using hw engine. + * + * @key_ptr Key to use + * @src_ptr Source data to decrypt + * @dst_ptr Destination buffer + * @len Length of encrypted image + */ +int aes_decrypt_hw(u8 *key_ptr, u8 *src_ptr, u8 *dst_ptr, u32 len); + #endif /* _AES_REF_H_ */