u-boot: fit: add support to decrypt fit with aes

This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

2 files changed, 46 insertions, 0 deletions

diff --git a/lib/aes/Makefile b/lib/aes/Makefile
new file mode 100644
index 0000000000..daed52a713
--- /dev/null
+++ b/lib/aes/Makefile
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2019, Softathome
+
+obj-$(CONFIG_$(SPL_)FIT_CIPHER) += aes-decrypt.o
diff --git a/lib/aes/aes-decrypt.c b/lib/aes/aes-decrypt.c
new file mode 100644
index 0000000000..345029fa78
--- /dev/null
+++ b/lib/aes/aes-decrypt.c
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2019, softathome
+ */
+
+#ifndef USE_HOSTCC
+#include <common.h>
+#include <malloc.h>
+#endif
+#include <image.h>
+#include <uboot_aes.h>
+
+int image_aes_decrypt(struct image_cipher_info *info,
+		      const void *cipher, size_t cipher_len,
+		      void **data, size_t *size)
+{
+#ifndef USE_HOSTCC
+	unsigned char key_exp[AES256_EXPAND_KEY_LENGTH];
+	unsigned int aes_blocks, key_len = info->cipher->key_len;
+
+	*data = malloc(cipher_len);
+	if (!*data) {
+		printf("Can't allocate memory to decrypt\n");
+		return -ENOMEM;
+	}
+	*size = info->size_unciphered;
+
+	memcpy(&key_exp[0], info->key, key_len);
+
+	/* First we expand the key. */
+	aes_expand_key((u8 *)info->key, key_len, key_exp);
+
+	/* Calculate the number of AES blocks to encrypt. */
+	aes_blocks = DIV_ROUND_UP(cipher_len, AES_BLOCK_LENGTH);
+
+	aes_cbc_decrypt_blocks(key_len, key_exp, (u8 *)info->iv,
+			       (u8 *)cipher, *data, aes_blocks);
+#endif
+
+	return 0;
+}