u-boot: fit: add support to decrypt fit with aes
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
diff --git a/lib/aes/Makefile b/lib/aes/Makefile
new file mode 100644
index 0000000..daed52a
--- /dev/null
+++ b/lib/aes/Makefile
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2019, Softathome
+
+obj-$(CONFIG_$(SPL_)FIT_CIPHER) += aes-decrypt.o
diff --git a/lib/aes/aes-decrypt.c b/lib/aes/aes-decrypt.c
new file mode 100644
index 0000000..345029f
--- /dev/null
+++ b/lib/aes/aes-decrypt.c
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2019, softathome
+ */
+
+#ifndef USE_HOSTCC
+#include <common.h>
+#include <malloc.h>
+#endif
+#include <image.h>
+#include <uboot_aes.h>
+
+int image_aes_decrypt(struct image_cipher_info *info,
+ const void *cipher, size_t cipher_len,
+ void **data, size_t *size)
+{
+#ifndef USE_HOSTCC
+ unsigned char key_exp[AES256_EXPAND_KEY_LENGTH];
+ unsigned int aes_blocks, key_len = info->cipher->key_len;
+
+ *data = malloc(cipher_len);
+ if (!*data) {
+ printf("Can't allocate memory to decrypt\n");
+ return -ENOMEM;
+ }
+ *size = info->size_unciphered;
+
+ memcpy(&key_exp[0], info->key, key_len);
+
+ /* First we expand the key. */
+ aes_expand_key((u8 *)info->key, key_len, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(cipher_len, AES_BLOCK_LENGTH);
+
+ aes_cbc_decrypt_blocks(key_len, key_exp, (u8 *)info->iv,
+ (u8 *)cipher, *data, aes_blocks);
+#endif
+
+ return 0;
+}