diff options
| author | Philippe Reynes <philippe.reynes@softathome.com> | 2020-09-17 15:01:46 +0200 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-10-12 21:30:37 -0400 |
| commit | a6982a6f768bdcf4bd0848ff4dbe68c2fd6599fb (patch) | |
| tree | e50accdcee18fc7e01b2df722022a2d4ed64d7e9 /lib/aes | |
| parent | 34ca77c1e113d42a63f8ae21b41ec7f9f356c1de (diff) | |
| download | u-boot-a6982a6f768bdcf4bd0848ff4dbe68c2fd6599fb.tar.gz u-boot-a6982a6f768bdcf4bd0848ff4dbe68c2fd6599fb.tar.bz2 u-boot-a6982a6f768bdcf4bd0848ff4dbe68c2fd6599fb.zip | |
fit: cipher: aes: allow to store the IV in the FIT image
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.
This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Diffstat (limited to 'lib/aes')
| -rw-r--r-- | lib/aes/aes-encrypt.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c index de00a836f6..a6d1720f30 100644 --- a/lib/aes/aes-encrypt.c +++ b/lib/aes/aes-encrypt.c @@ -74,7 +74,8 @@ int image_aes_encrypt(struct image_cipher_info *info, return ret; } -int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, + void *fit, int node_noffset) { int parent, node; char name[128]; @@ -97,8 +98,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) goto done; /* Either create or overwrite the named key node */ - snprintf(name, sizeof(name), "key-%s-%s-%s", - info->name, info->keyname, info->ivname); + if (info->ivname) + snprintf(name, sizeof(name), "key-%s-%s-%s", + info->name, info->keyname, info->ivname); + else + snprintf(name, sizeof(name), "key-%s-%s", + info->name, info->keyname); + node = fdt_subnode_offset(keydest, parent, name); if (node == -FDT_ERR_NOTFOUND) { node = fdt_add_subnode(keydest, parent, name); @@ -116,9 +122,17 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) ret = node; } - if (!ret) + if (ret) + goto done; + + if (info->ivname) + /* Store the IV in the u-boot device tree */ ret = fdt_setprop(keydest, node, "iv", info->iv, info->cipher->iv_len); + else + /* Store the IV in the FIT image */ + ret = fdt_setprop(fit, node_noffset, "iv", + info->iv, info->cipher->iv_len); if (!ret) ret = fdt_setprop(keydest, node, "key", |