u-boot: fit: add support to decrypt fit with aes
This commit adds support to u-boot for decrypting
FIT images encrypted with AES. The FIT image contains
the key name and the IV name. u-boot then looks up
the key and IV in its device tree and decrypts the images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
diff --git a/include/image.h b/include/image.h
index bb8abe5..86ebaae 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1023,6 +1023,8 @@
int fit_image_get_data_position(const void *fit, int noffset,
int *data_position);
int fit_image_get_data_size(const void *fit, int noffset, int *data_size);
+int fit_image_get_data_size_unciphered(const void *fit, int noffset,
+ size_t *data_size);
int fit_image_get_data_and_size(const void *fit, int noffset,
const void **data, size_t *size);
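Review bot: `fit_image_get_data_size_unciphered` is declared without a comment, and it reports the size through `size_t *` while `fit_image_get_data_size` just above uses `int *`, so a caller cannot tell from the header which source and range to expect. The implementation is not in this hunk, but if the value is read from a property in the FIT, it is attacker-controlled until the configuration signature has been checked. In that case it should be bounded before it sizes a buffer. I would add `/* Get the plaintext size recorded for an encrypted image; the value comes from the FIT and must be validated by the caller */` above the prototype, adjusted to what the implementation actually does.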
@@ -1066,6 +1068,7 @@
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
int fit_all_image_verify(const void *fit);
+int fit_config_decrypt(const void *fit, int conf_noffset);
int fit_image_check_os(const void *fit, int noffset, uint8_t os);
int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
int fit_image_check_type(const void *fit, int noffset, uint8_t type);
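Review bot: `fit_config_decrypt` sits next to `fit_config_verify`, and nothing in the header says in which order the two must be called. Unless the cipher mode is an authenticated one, which this header does not show, decryption alone gives no integrity guarantee. A caller that decrypts first would then run the cipher over unverified data and might consume unverified plaintext. I would document the contract on the prototype, for example `/* Decrypt the images of a configuration; call only after fit_config_verify() has succeeded */`. Whether the implementation enforces that order cannot be confirmed from this hunk.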
@@ -1293,6 +1296,11 @@
int fit_image_check_sig(const void *fit, int noffset, const void *data,
size_t size, int required_keynode, char **err_msgp);
+int fit_image_decrypt_data(const void *fit,
+ int image_noffset, int cipher_noffset,
+ const void *data, size_t size,
+ void **data_unciphered, size_t *size_unciphered);
+
/**
* fit_region_make_list() - Make a list of regions to hash
*
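Review bot: `fit_image_decrypt_data` returns the plaintext through `void **data_unciphered`, but the header does not say who allocates that buffer, who frees it, or what `*data_unciphered` and `*size_unciphered` hold on failure. The same gap applies to the `decrypt` member added to the cipher struct in the next hunk and to `image_aes_decrypt` in `include/u-boot/aes.h`. The neighbouring `fit_region_make_list()` has a kernel-doc block, so the new prototype should get one too, covering each parameter, the ownership of the output buffer, the return codes, and that the outputs must not be used when the call fails. Since the buffer holds decrypted image contents, the comment should also say whether the caller is expected to clear it before release.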
@@ -1367,6 +1375,10 @@
int (*add_cipher_data)(struct image_cipher_info *info,
void *keydest);
+
+ int (*decrypt)(struct image_cipher_info *info,
+ const void *cipher, size_t cipher_len,
+ void **data, size_t *data_len);
};
int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo);
diff --git a/include/u-boot/aes.h b/include/u-boot/aes.h
index 4fb2cb7..3228104 100644
--- a/include/u-boot/aes.h
+++ b/include/u-boot/aes.h
@@ -28,4 +28,17 @@
}
#endif /* IMAGE_ENABLE_ENCRYPT */
+#if IMAGE_ENABLE_DECRYPT
+int image_aes_decrypt(struct image_cipher_info *info,
+ const void *cipher, size_t cipher_len,
+ void **data, size_t *size);
+#else
+int image_aes_decrypt(struct image_cipher_info *info,
+ const void *cipher, size_t cipher_len,
+ void **data, size_t *size)
+{
+ return -ENXIO;
+}
+#endif /* IMAGE_ENABLE_DECRYPT */
+
#endif
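Review bot: The `#else` stub defines `image_aes_decrypt` with external linkage inside a header, so every translation unit that includes `u-boot/aes.h` with `IMAGE_ENABLE_DECRYPT` off emits its own definition, and including it from more than one file can fail at link time with a duplicate symbol. Declaring the stub as `static inline int image_aes_decrypt(struct image_cipher_info *info,` avoids that. Failing with `-ENXIO` rather than returning success is the right fail-closed choice, provided callers check the return value and never treat the untouched `*data` as plaintext. A one-line comment on the stub such as `/* decryption not built in: always fails, outputs are not written */` would make that explicit.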