authorPhilippe Reynes <philippe.reynes@softathome.com>2019-12-18 18:25:42 +0100
committerTom Rini <trini@konsulko.com>2020-01-17 10:16:29 -0500
commit4df3578119b043d76b86b50077b06898fc2a4f62 (patch)
tree08667edb96f6a8efde767b10fabceafb746e3af7 /lib
parent7298e422504ef4455160216b9b7a1baa1169283f (diff)
downloadu-boot-4df3578119b043d76b86b50077b06898fc2a4f62.tar.gz
u-boot: fit: add support to decrypt fit with aesWIP/2020-01-17-improve-aes-support
This commit adds support to U-Boot for decrypting FIT images encrypted with AES. The FIT image contains the key name and the IV name. U-Boot then looks up the key and IV in its device tree and decrypts the images before moving to the next stage. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile1
-rw-r--r--lib/aes/Makefile5
-rw-r--r--lib/aes/aes-decrypt.c41
3 files changed, 47 insertions, 0 deletions
diff --git a/lib/Makefile b/lib/Makefile
index 6b7b9ce85c..51eba80b89 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -21,6 +21,7 @@ obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o
obj-y += crypto/
obj-$(CONFIG_AES) += aes.o
+obj-$(CONFIG_AES) += aes/
obj-$(CONFIG_$(SPL_TPL_)BINMAN_FDT) += binman.o
ifndef API_BUILD
diff --git a/lib/aes/Makefile b/lib/aes/Makefile
new file mode 100644
index 0000000000..daed52a713
--- /dev/null
+++ b/lib/aes/Makefile
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2019, Softathome
+
+obj-$(CONFIG_$(SPL_)FIT_CIPHER) += aes-decrypt.o
diff --git a/lib/aes/aes-decrypt.c b/lib/aes/aes-decrypt.c
new file mode 100644
index 0000000000..345029fa78
--- /dev/null
+++ b/lib/aes/aes-decrypt.c
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2019, softathome
+ */
+
+#ifndef USE_HOSTCC
+#include <common.h>
+#include <malloc.h>
+#endif
+#include <image.h>
+#include <uboot_aes.h>
+
+int image_aes_decrypt(struct image_cipher_info *info,
+ const void *cipher, size_t cipher_len,
+ void **data, size_t *size)
+{
+#ifndef USE_HOSTCC
+ unsigned char key_exp[AES256_EXPAND_KEY_LENGTH];
+ unsigned int aes_blocks, key_len = info->cipher->key_len;
+
+ *data = malloc(cipher_len);
+ if (!*data) {
+ printf("Can't allocate memory to decrypt\n");
+ return -ENOMEM;
+ }
+ *size = info->size_unciphered;
+
+ memcpy(&key_exp[0], info->key, key_len);
+
+ /* First we expand the key. */
+ aes_expand_key((u8 *)info->key, key_len, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(cipher_len, AES_BLOCK_LENGTH);
+
+ aes_cbc_decrypt_blocks(key_len, key_exp, (u8 *)info->iv,
+ (u8 *)cipher, *data, aes_blocks);
+#endif
+
+ return 0;
+}
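Review bot: `cipher_len` and `info->size_unciphered` are used without validation in `image_aes_decrypt()`: `DIV_ROUND_UP(cipher_len, AES_BLOCK_LENGTH)` rounds up, so when `cipher_len` is not a multiple of the block length the `aes_cbc_decrypt_blocks()` call appears to process one more whole block than either `cipher` or the `malloc(cipher_len)` buffer holds, and `*size` is taken from `info->size_unciphered` even when it is larger than what was allocated. Both values presumably originate in the FIT image, so I would reject them before the allocation with `if (cipher_len % AES_BLOCK_LENGTH || info->size_unciphered > cipher_len) return -EINVAL;`. The `memcpy()` into `key_exp` looks redundant if `aes_expand_key()` copies the key itself (its body is not on this page), `key_len` is never compared with `AES256_EXPAND_KEY_LENGTH` before that copy, and `key_exp` still holds the expanded key on the stack when the function returns. Under `USE_HOSTCC` the function returns 0 without setting `*data` or `*size`, which a caller would read as success; returning an error there, or documenting that contract in a header comment, would be safer. The comment `/* Calculate the number of AES blocks to encrypt. */` should say "decrypt".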